PT-2018-8386 · Red Hat+2 · Ansible+2

Adam Mariš +1 · Published 2017-10-13 · Updated 2026-06-03 · CVE-2017-7466

CVSS v4.0: 8.6 (High)

Vector: AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Ansible versions prior to 2.3

Description

The issue is related to input validation in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.

Recommendations

For versions prior to 2.3, update to version 2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the Ansible server and limiting the privileges of the Ansible server to minimize the risk of exploitation.

Fix

RCE


Weakness Enumeration

Related Identifiers

ALT-PU-2017-2423
CVE-2017-7466
GHSA-3M8P-XPM6-8WW3
OPENSUSE-SU-2019:0238-1
OPENSUSE-SU-2024:10615-1
OPENSUSE-SU-2024:14244-1
OPENSUSE-SU-2024:14536-1
OPENSUSE-SU-2025:15605-1
OPENSUSE-SU-2025:15753-1
OPENSUSE-SU-2026:10944-1
PYSEC-2018-40
RHSA-2017:1244
RHSA-2017:1334
RHSA-2017:1476
RHSA-2017:1499
RHSA-2017:1599
RHSA-2017:1685
SUSE-SU-2017:3029-1
SUSE-SU-2020:3309-1

Affected Products

Alt Linux
Ansible
Ansible-Core