CVE-2016-8647 LOW

CVE-2016-8647

Vendor Red Hat
Product Ansible
Weakness CWE-20 · Input validation
Published July 26, 2018
Last update August 6, 2024

CVSS base score

2.2/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed.

Key dates

02Disclosure timeline

July 26, 2018 CVE published
August 6, 2024 Record updated