PT-2018-8386 · Red Hat+2 · Ansible+2

Adam Mariš

Publicado

2017-10-13

Atualizado

2026-06-03

CVE-2017-7466

CVSS v4.0

8.6

Alta

Vetor

AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Ansible versions prior to 2.3

Description The issue is related to input validation in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.

Recommendations For versions prior to 2.3, update to version 2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the Ansible server and limiting the privileges of the Ansible server to minimize the risk of exploitation.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

ALT-PU-2017-2423

CVE-2017-7466

GHSA-3M8P-XPM6-8WW3

OPENSUSE-SU-2019:0238-1

OPENSUSE-SU-2024:10615-1

OPENSUSE-SU-2024:14244-1

OPENSUSE-SU-2024:14536-1

OPENSUSE-SU-2025:15605-1

OPENSUSE-SU-2025:15753-1

OPENSUSE-SU-2026:10944-1

PYSEC-2018-40

RHSA-2017:1244

RHSA-2017:1334

RHSA-2017:1476

RHSA-2017:1499

RHSA-2017:1599

RHSA-2017:1685

SUSE-SU-2017:3029-1

SUSE-SU-2020:3309-1

Produtos afetados

Alt Linux

Ansible

Ansible-Core

PT-2018-8386 · Red Hat+2 · Ansible+2

CVE-2017-7466

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 158