#VU7411 Improper input validation in Ansible - CVE-2016-8647

 


Published: July 11, 2017


Vulnerability identifier: #VU7411
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-8647
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Ansible
Software vendor: Red Hat Inc.

Description

The vulnerability allows an adjacent attacker to bypass security restrictions on the target system.

The weakness exists due to an input validation error in Ansible's mysql_user module that may cause a password change to be applied incorrectly. An adjacent attacker can use the previous password and bypass security restrictions.

Successful exploitation of the vulnerability may result in access to the system.

Remediation

Update to version 2.3.0.
