PT-2018-4076 · Red Hat+1 · Ansible+1

Antong

·

Publicado

2018-05-04

·

Atualizado

2018-10-10

·

CVE-2013-2233

CVSS v4.0

9.1

Crítica

VetorAV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions Ansible versions prior to 1.2.1
Description The issue makes it easier for remote attackers to conduct man-in-the-middle attacks by leveraging failure to cache SSH host keys.
Recommendations For versions prior to 1.2.1, update to version 1.2.1 or later to resolve the issue.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-320

Identificadores relacionados

CVE-2013-2233
GHSA-9X6Q-5423-W5V9
PYSEC-2018-36

Produtos afetados

Ansible
Ansible-Core