CVE-2017-7466 – ansible

Package

Manager: pip
Name: ansible
Vulnerable Version: >=0 <2.2.3.0

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.02503 pctl0.84771

Details

Ansible Arbitrary Code Execution Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.

Metadata

Created: 2022-05-13T01:07:33Z
Modified: 2024-09-03T21:27:12Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3m8p-xpm6-8ww3/GHSA-3m8p-xpm6-8ww3.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-3m8p-xpm6-8ww3
Finding: F184
Auto approve: 1