VDB
CVE-2017-7466
CVE-2017-7466
PUBLISHED
Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.
EPSS 2.66% · 86.1th percentile
Risk Scores
EPSS Score
2.66%
86.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | ansible | 0, 1.9.2+dfsg-2, 1.9.4-1 |
Timeline
- May 17, 2017 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Mar 11, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2017-7466 third-party-advisory
- https://github.com/ansible/ansible/commit/0d418789a298561fded9bce977d34babc9097079 third-party-advisory
- http://www.securityfocus.com/bid/97595 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2017-7466 third-party-advisory