CVE-2017-7466
An input validation vulnerability was found in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server with the Ansible server's privileges.
Find out more about CVE-2017-7466 from the MITRE CVE dictionary and NIST NVD.
CVSS v3 metrics
| CVSS3 Base Score | 8 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | Required |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity Impact | High |
| Availability Impact | High |
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat OpenShift Container Platform 3.5 (ansible) | RHSA-2017:1244 | 2017-05-17 |
| Red Hat OpenShift Container Platform 3.2 (ansible) | RHSA-2017:1244 | 2017-05-17 |
| Red Hat Virtualization 4 (ansible) | RHSA-2017:1685 | 2017-07-06 |
| Red Hat OpenStack Platform 11.0 (Ocata) (ansible) | RHSA-2017:1476 | 2017-06-15 |
| Red Hat OpenShift Container Platform 3.3 (ansible) | RHSA-2017:1244 | 2017-05-17 |
| Red Hat OpenShift Container Platform 3.4 (ansible) | RHSA-2017:1244 | 2017-05-17 |
| Red Hat Gluster Storage Server 3.2 on RHEL-7 (ansible) | RHSA-2017:1334 | 2017-05-25 |
| Red Hat OpenStack Platform 10 (ansible) | RHSA-2017:1599 | 2017-06-28 |
| Red Hat Storage Console Agent 2 (ansible) | RHSA-2017:1499 | 2017-06-19 |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat OpenStack Platform 12.0 | ansible | Not affected |
