Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.

Metrics

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:S/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Redhat
  • Ansible
  • Openshift
  • Openstack
  • Rhev Manager
  • Rhscon
  • Storage

Configuration 1 [-]

cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Gluster Storage 3.2 for RHEL 7
ansible-0:2.2.3.0-1.el7 cpe:/a:redhat:storage:3.2:server:el7 RHSA-2017:1334 2017-05-25T00:00:00Z
Red Hat OpenShift Container Platform 3.2
ansible-0:2.2.3.0-1.el7 cpe:/a:redhat:openshift:3.2::el7 RHSA-2017:1244 2017-05-17T00:00:00Z
openshift-ansible-0:3.2.56-1.git.0.b844ab7.el7 cpe:/a:redhat:openshift:3.2::el7 RHSA-2017:1244 2017-05-17T00:00:00Z
Red Hat OpenShift Container Platform 3.3
ansible-0:2.2.3.0-1.el7 cpe:/a:redhat:openshift:3.3::el7 RHSA-2017:1244 2017-05-17T00:00:00Z
openshift-ansible-0:3.3.82-1.git.0.af0c922.el7 cpe:/a:redhat:openshift:3.3::el7 RHSA-2017:1244 2017-05-17T00:00:00Z
Red Hat OpenShift Container Platform 3.4
ansible-0:2.2.3.0-1.el7 cpe:/a:redhat:openshift:3.4::el7 RHSA-2017:1244 2017-05-17T00:00:00Z
openshift-ansible-0:3.4.89-1.git.0.ac29ce8.el7 cpe:/a:redhat:openshift:3.4::el7 RHSA-2017:1244 2017-05-17T00:00:00Z
Red Hat OpenShift Container Platform 3.5
ansible-0:2.2.3.0-1.el7 cpe:/a:redhat:openshift:3.5::el7 RHSA-2017:1244 2017-05-17T00:00:00Z
openshift-ansible-0:3.5.71-1.git.0.128c2db.el7 cpe:/a:redhat:openshift:3.5::el7 RHSA-2017:1244 2017-05-17T00:00:00Z
Red Hat OpenStack Platform 10.0 (Newton)
ansible-0:2.2.3.0-1.el7 cpe:/a:redhat:openstack:10::el7 RHSA-2017:1599 2017-06-28T00:00:00Z
Red Hat OpenStack Platform 11.0 (Ocata)
ansible-0:2.2.3.0-1.el7 cpe:/a:redhat:openstack:11::el7 RHSA-2017:1476 2017-06-15T00:00:00Z
Red Hat Storage Console 2 for Red Hat Enteprise Linux 7
ansible-0:2.2.3.0-1.el7 cpe:/a:redhat:rhscon:2::el7 RHSA-2017:1499 2017-06-19T00:00:00Z
Red Hat Virtualization Engine 4.1
ansible-0:2.3.0.0-4.el7 cpe:/a:redhat:rhev_manager:4 RHSA-2017:1685 2017-07-06T00:00:00Z
References
Link Providers
http://www.securityfocus.com/bid/97595 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2017:1244 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2017:1334 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2017:1476 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2017:1499 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2017:1599 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2017:1685 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7466 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2017-7466 cve-icon
https://www.cve.org/CVERecord?id=CVE-2017-7466 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2018-06-22T13:00:00

Updated: 2024-08-05T16:04:11.382Z

Reserved: 2017-04-05T00:00:00

Link: CVE-2017-7466

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-06-22T13:29:00.277

Modified: 2021-08-04T17:15:29.523

Link: CVE-2017-7466

cve-icon Redhat

Severity : Important

Publid Date: 2017-04-11T00:00:00Z

Links: CVE-2017-7466 - Bugzilla