CVE-2017-7466

Priority
Description
Ansible before version 2.3 has an input validation vulnerability in the
handling of data sent from client systems. An attacker with control over a
client system being managed by Ansible, and the ability to send facts back
to the Ansible server, could use this flaw to execute arbitrary code on the
Ansible server using the Ansible server privileges.
Assigned-to
mikesalvatore
Notes
msalvatoreThis CVE identifies an incompete fix for CVE-2016-9587
Package
Upstream:released (2.2.1.0-2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):not-affected ([code not present])
Ubuntu 16.04 LTS (Xenial Xerus):released (2.0.0.2-2ubuntu1.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (2.5.1+dfsg-1)
More Information

Updated: 2020-01-29 19:59:47 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)