Improper input validation in Ansible - CVE-2016-8647
Published: July 11, 2017
Vulnerability identifier: #VU7411
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-8647
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Red Hat Inc.
Affected software:
Ansible
Ansible
Detailed vulnerability description
The vulnerability allows an adjacent attacker to bypass security restrictions on the target system.
The weakness exists due to input validation error in Ansible's mysql_user module that may lead to incorrect password changing. An adjacent attacker can use the previous password and bypass security restrictions.
Successful exploitation of the vulnerability may result in access to the system.
The weakness exists due to input validation error in Ansible's mysql_user module that may lead to incorrect password changing. An adjacent attacker can use the previous password and bypass security restrictions.
Successful exploitation of the vulnerability may result in access to the system.
How to mitigate CVE-2016-8647
Update to version 2.3.0.