CVE-2016-9587

Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.
Configurations

Configuration 1 (hide)

cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:ansible:ansible:*:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*

History

13 Sep 2021, 10:50

Type Values Removed Values Added
CPE cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*

04 Aug 2021, 17:15

Type Values Removed Values Added
CPE cpe:2.3:a:redhat:openstack:11.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*

Information

Published : 2018-04-24 16:29

Updated : 2024-02-04 19:46


NVD link : CVE-2016-9587

Mitre link : CVE-2016-9587

CVE.ORG link : CVE-2016-9587


JSON object : View

Products Affected

redhat

  • ansible
  • openstack

ansible

  • ansible
CWE
CWE-20

Improper Input Validation