PYSEC-2018-58 — Vulnetix

PYSEC-2018-58 PUBLISHED CVSS 8.699999809265137 HIGH

An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed.

Risk Scores

CVSS v4.0

8.699999809265137

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
PyPI	ansible	1.1, 0, 1.0

Timeline

Jul 26, 2018 CVE Published
Nov 8, 2023 CVE Updated
May 1, 2026 Distribution Patch
May 1, 2026 Security Advisory

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8647 report
https://github.com/advisories/GHSA-x4cm-m36h-c6qj advisory
https://github.com/ansible/ansible-modules-core/pull/5388 fix
https://access.redhat.com/errata/RHSA-2017:1685 advisory

Open in Interactive Console →