OpenCVE

Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:S/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Ansible Openshift

Configuration 1 [-]

cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat OpenShift Container Platform 3.2
ansible-0:2.2.0.0-1.el7	cpe:/a:redhat:openshift:3.2::el7	RHSA-2016:2778	2016-11-15T00:00:00Z
openshift-ansible-0:3.2.42-1.git.0.6b09be9.el7	cpe:/a:redhat:openshift:3.2::el7	RHSA-2016:2778	2016-11-15T00:00:00Z
Red Hat OpenShift Container Platform 3.3
ansible-0:2.2.0.0-1.el7	cpe:/a:redhat:openshift:3.3::el7	RHSA-2016:2778	2016-11-15T00:00:00Z
openshift-ansible-0:3.3.50-1.git.0.5bdbeaa.el7	cpe:/a:redhat:openshift:3.3::el7	RHSA-2016:2778	2016-11-15T00:00:00Z

References

Link	Providers
http://www.securityfocus.com/bid/94109
https://access.redhat.com/errata/RHSA-2016:2778
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8628
https://nvd.nist.gov/vuln/detail/CVE-2016-8628
https://www.cve.org/CVERecord?id=CVE-2016-8628

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2018-07-31T20:00:00

Updated: 2024-08-06T02:27:40.971Z

Reserved: 2016-10-12T00:00:00

Link: CVE-2016-8628

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-07-31T20:29:00.323

Modified: 2023-11-07T02:36:25.263

Link: CVE-2016-8628

Redhat

Severity : Moderate

Publid Date: 2016-11-01T00:00:00Z

Links: CVE-2016-8628 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "Ansible", "vendor": "Red Hat", "versions": [{"status": "affected", "version": "2.2.0"}]}], "datePublic": "2016-11-01T00:00:00", "descriptions": [{"lang": "en", "value": "Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-77", "description": "CWE-77", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-08-01T09:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2016:2778", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2016:2778"}, {"name": "94109", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94109"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8628"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-8628", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Ansible", "version": {"version_data": [{"version_value": "2.2.0"}]}}]}, "vendor_name": "Red Hat"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as."}]}, "impact": {"cvss": [[{"vectorString": "7.6/CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.0"}], [{"vectorString": "6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}]]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-77"}]}]}, "references": {"reference_data": [{"name": "RHSA-2016:2778", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2016:2778"}, {"name": "94109", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94109"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8628", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8628"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T02:27:40.971Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2016:2778", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2016:2778"}, {"name": "94109", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/94109"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8628"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-8628", "datePublished": "2018-07-31T20:00:00", "dateReserved": "2016-10-12T00:00:00", "dateUpdated": "2024-08-06T02:27:40.971Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "matchCriteriaId": "595884EA-DBD0-4E8D-A503-C7F6D4E3CCC2", "versionEndExcluding": "2.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as."}, {"lang": "es", "value": "Ansible en versiones anteriores a la 2.2.0 no sanea correctamente las variables de hecho enviadas desde el controlador de Ansible. Un atacante que pueda crear variables especiales en el controlador podr\u00eda ejecutar comandos arbitrarios en los clientes de Ansible como el usuario como el que se ejecuta Ansible."}], "id": "CVE-2016-8628", "lastModified": "2023-11-07T02:36:25.263", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.0, "impactScore": 6.0, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2018-07-31T20:29:00.323", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94109"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2016:2778"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8628"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-77"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "This issue was discovered by Michael Scherer (Red Hat).", "affected_release": [{"advisory": "RHSA-2016:2778", "cpe": "cpe:/a:redhat:openshift:3.2::el7", "package": "ansible-0:2.2.0.0-1.el7", "product_name": "Red Hat OpenShift Container Platform 3.2", "release_date": "2016-11-15T00:00:00Z"}, {"advisory": "RHSA-2016:2778", "cpe": "cpe:/a:redhat:openshift:3.2::el7", "package": "openshift-ansible-0:3.2.42-1.git.0.6b09be9.el7", "product_name": "Red Hat OpenShift Container Platform 3.2", "release_date": "2016-11-15T00:00:00Z"}, {"advisory": "RHSA-2016:2778", "cpe": "cpe:/a:redhat:openshift:3.3::el7", "package": "ansible-0:2.2.0.0-1.el7", "product_name": "Red Hat OpenShift Container Platform 3.3", "release_date": "2016-11-15T00:00:00Z"}, {"advisory": "RHSA-2016:2778", "cpe": "cpe:/a:redhat:openshift:3.3::el7", "package": "openshift-ansible-0:3.3.50-1.git.0.5bdbeaa.el7", "product_name": "Red Hat OpenShift Container Platform 3.3", "release_date": "2016-11-15T00:00:00Z"}], "bugzilla": {"description": "ansible: Command injection by compromised server via fact variables", "id": "1388113", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388113"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "verified"}, "cvss3": {"cvss3_base_score": "7.6", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-77", "details": ["Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as.", "Ansible fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as."], "name": "CVE-2016-8628", "package_state": [{"cpe": "cpe:/a:redhat:storage:3.1", "fix_state": "Not affected", "package_name": "ansible", "product_name": "Red Hat Gluster Storage 3.1"}, {"cpe": "cpe:/a:redhat:openstack:10", "fix_state": "Not affected", "package_name": "ansible", "product_name": "Red Hat OpenStack Platform 10 (Newton)"}, {"cpe": "cpe:/a:redhat:qci:1.0::el7", "fix_state": "Affected", "package_name": "ansible", "product_name": "Red Hat Quickstart Cloud Installer 1"}, {"cpe": "cpe:/a:redhat:rhscon:2", "fix_state": "Not affected", "package_name": "ansible", "product_name": "Red Hat Storage Console 2"}], "public_date": "2016-11-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-8628\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8628"], "threat_severity": "Moderate", "upstream_fix": "Ansible 2.2.0"}