CVE-2017-7466 - OpenCVE

Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:S/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Openstack Ansible

Configuration 1 [-]

cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:redhat:openstack:10:::::::*
	cpe:2.3:a:redhat:openstack:11:::::::*

References

Link	Resource
http://www.securityfocus.com/bid/97595	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2017:1244	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1334	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1476	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1499	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1599	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1685	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7466	Issue Tracking Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2018-06-22T13:00:00

Updated: 2018-06-23T09:57:01

Reserved: 2017-04-05T00:00:00

Link: CVE-2017-7466

JSON object: View

NVD Information

Status : Modified

Published: 2018-06-22T13:29:00.277

Modified: 2021-08-04T17:15:29.523

Link: CVE-2017-7466

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "ansible", "vendor": "[UNKNOWN]", "versions": [{"status": "affected", "version": "ansible 2.3"}]}], "datePublic": "2018-06-22T00:00:00", "descriptions": [{"lang": "en", "value": "Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-06-23T09:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2017:1599", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:1599"}, {"name": "RHSA-2017:1334", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:1334"}, {"name": "97595", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/97595"}, {"name": "RHSA-2017:1685", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:1685"}, {"name": "RHSA-2017:1244", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:1244"}, {"name": "RHSA-2017:1499", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:1499"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7466"}, {"name": "RHSA-2017:1476", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:1476"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2017-7466", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ansible", "version": {"version_data": [{"version_value": "ansible 2.3"}]}}]}, "vendor_name": "[UNKNOWN]"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges."}]}, "impact": {"cvss": [[{"vectorString": "8.0/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}]]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20"}]}]}, "references": {"reference_data": [{"name": "RHSA-2017:1599", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1599"}, {"name": "RHSA-2017:1334", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1334"}, {"name": "97595", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97595"}, {"name": "RHSA-2017:1685", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1685"}, {"name": "RHSA-2017:1244", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1244"}, {"name": "RHSA-2017:1499", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1499"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7466", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7466"}, {"name": "RHSA-2017:1476", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1476"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2017-7466", "datePublished": "2018-06-22T13:00:00", "dateReserved": "2017-04-05T00:00:00", "dateUpdated": "2018-06-23T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "matchCriteriaId": "17F74DE0-4CE3-45DD-8217-DE1700F66B82", "versionEndExcluding": "2.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*", "matchCriteriaId": "E722FEF7-58A6-47AD-B1D0-DB0B71B0C7AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*", "matchCriteriaId": "4E9AF77C-5D49-4842-9817-AD710A919073", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges."}, {"lang": "es", "value": "Ansible en versiones anteriores a la 2.3 tiene una vulnerabilidad de validaci\u00f3n de entradas en la gesti\u00f3n de datos enviados desde los sistemas del cliente. Un atacante que tenga el control de un sistema de cliente gestionado por Ansible y la capacidad de enviar hechos de vuelta al servidor de Ansible podr\u00eda usar este error para ejecutar c\u00f3digo arbitrario en el servidor de Ansible utilizando los privilegios del servidor de Ansible."}], "id": "CVE-2017-7466", "lastModified": "2021-08-04T17:15:29.523", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2018-06-22T13:29:00.277", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/97595"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:1244"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:1334"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:1476"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:1499"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:1599"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:1685"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7466"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "secalert@redhat.com", "type": "Secondary"}]}