PYSEC-2015-1 — Vulnetix

PYSEC-2015-1 PUBLISHED

Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Affected Products

Vendor	Product	Versions
PyPI	ansible	0, 1.6.9, 1.1

Timeline

Aug 12, 2015 CVE Published
Nov 8, 2023 CVE Updated

References

http://lists.opensuse.org/opensuse-updates/2015-07/msg00051.html url
http://www.openwall.com/lists/oss-security/2015/07/14/4 url
http://www.ansible.com/security url
http://lists.opensuse.org/opensuse-updates/2015-08/msg00029.html url
https://github.com/advisories/GHSA-w64c-pxjj-h866 advisory
https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html advisory

Open in Interactive Console →