CVE-2017-7466 (retired)

Priority
Description
Ansible before version 2.3 has an input validation vulnerability in the
handling of data sent from client systems. An attacker with control over a
client system being managed by Ansible, and the ability to send facts back
to the Ansible server, could use this flaw to execute arbitrary code on the
Ansible server using the Ansible server privileges.
Assigned-to
mikesalvatore
Notes
msalvatoreThis CVE identifies an incompete fix for CVE-2016-9587
Package
Upstream:released (2.2.1.0-2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (2.0.0.2-2ubuntu1.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (2.5.1+dfsg-1)
More Information

Updated: 2019-10-09 08:01:35 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)