CVE-2017-7466 HIGH

CVE-2017-7466

Vendor [Unknown]

Product ansible

Weakness CWE-20 · Input validation

Published June 22, 2018

Last update August 5, 2024

View on NVD All CVEs

CVSS base score

8.0/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.

Key dates

02Disclosure timeline

June 22, 2018 CVE published

August 5, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2017-7466 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/20.html

Related vulnerabilities

CVE-2017-7466

01Description

02Disclosure timeline

03References

04Related CVE