csaf_suse - suse-su-2017:3029-1

suse-su-2017:3029-1

Vulnerability from csaf_suse

Published

2017-11-17 12:26

Modified

2017-11-17 12:26

Summary

Security update for ansible and monasca-installer

Notes

Title of the patch

Security update for ansible and monasca-installer

Description of the patch

This update for ansible provides version 2.2.3.0 and fixes the following security issues: - CVE-2017-7481: Data for lookup plugins used as variables was not being marked as 'unsafe' and could lead to unintentional disclosure of information. (bsc#1038785) - CVE-2016-9587: Prevent compromised host to execute commands on the controller (bsc#1019021). - CVE-2017-7466: Prevent arbitrary code execution on control nodes. For more information about the upstream bugs fixed, please see /usr/share/doc/packages/ansible/CHANGELOG.md Additionally, monasca-installer received several compatibility fixes for ansible.

Patchnames

SUSE-OpenStack-Cloud-7-2017-1793

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for ansible and monasca-installer",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for ansible provides version 2.2.3.0 and fixes the following security issues:\n\n- CVE-2017-7481: Data for lookup plugins used as variables was not being marked as \u0027unsafe\u0027 and could lead to\n  unintentional disclosure of information. (bsc#1038785)\n- CVE-2016-9587: Prevent compromised host to execute commands on the controller (bsc#1019021).\n- CVE-2017-7466: Prevent arbitrary code execution on control nodes.\n\nFor more information about the upstream bugs fixed, please see /usr/share/doc/packages/ansible/CHANGELOG.md\n\nAdditionally, monasca-installer received several compatibility fixes for ansible.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-OpenStack-Cloud-7-2017-1793",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_3029-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2017:3029-1",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20173029-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2017:3029-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2017-November/003400.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1019021",
        "url": "https://bugzilla.suse.com/1019021"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1038785",
        "url": "https://bugzilla.suse.com/1038785"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1056094",
        "url": "https://bugzilla.suse.com/1056094"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-9587 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-9587/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-7466 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-7466/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-7481 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-7481/"
      }
    ],
    "title": "Security update for ansible and monasca-installer",
    "tracking": {
      "current_release_date": "2017-11-17T12:26:42Z",
      "generator": {
        "date": "2017-11-17T12:26:42Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2017:3029-1",
      "initial_release_date": "2017-11-17T12:26:42Z",
      "revision_history": [
        {
          "date": "2017-11-17T12:26:42Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ansible-2.2.3.0-5.1.noarch",
                "product": {
                  "name": "ansible-2.2.3.0-5.1.noarch",
                  "product_id": "ansible-2.2.3.0-5.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "monasca-installer-20170912_10.45-5.1.noarch",
                "product": {
                  "name": "monasca-installer-20170912_10.45-5.1.noarch",
                  "product_id": "monasca-installer-20170912_10.45-5.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE OpenStack Cloud 7",
                "product": {
                  "name": "SUSE OpenStack Cloud 7",
                  "product_id": "SUSE OpenStack Cloud 7",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-openstack-cloud:7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ansible-2.2.3.0-5.1.noarch as component of SUSE OpenStack Cloud 7",
          "product_id": "SUSE OpenStack Cloud 7:ansible-2.2.3.0-5.1.noarch"
        },
        "product_reference": "ansible-2.2.3.0-5.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "monasca-installer-20170912_10.45-5.1.noarch as component of SUSE OpenStack Cloud 7",
          "product_id": "SUSE OpenStack Cloud 7:monasca-installer-20170912_10.45-5.1.noarch"
        },
        "product_reference": "monasca-installer-20170912_10.45-5.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 7"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2016-9587",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-9587"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible\u0027s handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE OpenStack Cloud 7:ansible-2.2.3.0-5.1.noarch",
          "SUSE OpenStack Cloud 7:monasca-installer-20170912_10.45-5.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-9587",
          "url": "https://www.suse.com/security/cve/CVE-2016-9587"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1019021 for CVE-2016-9587",
          "url": "https://bugzilla.suse.com/1019021"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE OpenStack Cloud 7:ansible-2.2.3.0-5.1.noarch",
            "SUSE OpenStack Cloud 7:monasca-installer-20170912_10.45-5.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE OpenStack Cloud 7:ansible-2.2.3.0-5.1.noarch",
            "SUSE OpenStack Cloud 7:monasca-installer-20170912_10.45-5.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-11-17T12:26:42Z",
          "details": "important"
        }
      ],
      "title": "CVE-2016-9587"
    },
    {
      "cve": "CVE-2017-7466",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-7466"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE OpenStack Cloud 7:ansible-2.2.3.0-5.1.noarch",
          "SUSE OpenStack Cloud 7:monasca-installer-20170912_10.45-5.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-7466",
          "url": "https://www.suse.com/security/cve/CVE-2017-7466"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1019021 for CVE-2017-7466",
          "url": "https://bugzilla.suse.com/1019021"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE OpenStack Cloud 7:ansible-2.2.3.0-5.1.noarch",
            "SUSE OpenStack Cloud 7:monasca-installer-20170912_10.45-5.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE OpenStack Cloud 7:ansible-2.2.3.0-5.1.noarch",
            "SUSE OpenStack Cloud 7:monasca-installer-20170912_10.45-5.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-11-17T12:26:42Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-7466"
    },
    {
      "cve": "CVE-2017-7481",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-7481"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as \u0027unsafe\u0027 and is not evaluated.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE OpenStack Cloud 7:ansible-2.2.3.0-5.1.noarch",
          "SUSE OpenStack Cloud 7:monasca-installer-20170912_10.45-5.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-7481",
          "url": "https://www.suse.com/security/cve/CVE-2017-7481"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1038785 for CVE-2017-7481",
          "url": "https://bugzilla.suse.com/1038785"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE OpenStack Cloud 7:ansible-2.2.3.0-5.1.noarch",
            "SUSE OpenStack Cloud 7:monasca-installer-20170912_10.45-5.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE OpenStack Cloud 7:ansible-2.2.3.0-5.1.noarch",
            "SUSE OpenStack Cloud 7:monasca-installer-20170912_10.45-5.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-11-17T12:26:42Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-7481"
    }
  ]
}

CVE-2017-7481 (GCVE-0-2017-7481)

Vulnerability from cvelistv5

Published

2018-07-19 13:00

Modified

2024-08-05 16:04

Severity ?

5.3 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

CWE

CWE-20

Summary

Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated.

References

►

URL

Tags

	https://access.redhat.com/errata/RHSA-2017:1599	vendor-advisory, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7481	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2017:1334	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/98492	vdb-entry, x_refsource_BID
	https://github.com/ansible/ansible/commit/ed56f51f185a1ffd7ea57130d260098686fcc7c2	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2017:1244	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:1499	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:2524	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:1476	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/4072-1/	vendor-advisory, x_refsource_UBUNTU
	https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	[UNKNOWN]	ansible	Version: ansible 2.3.1.0 Version: ansible 2.4.0.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:04:11.540Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:1599",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1599"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7481"
          },
          {
            "name": "RHSA-2017:1334",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1334"
          },
          {
            "name": "98492",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/98492"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/ansible/ansible/commit/ed56f51f185a1ffd7ea57130d260098686fcc7c2"
          },
          {
            "name": "RHSA-2017:1244",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1244"
          },
          {
            "name": "RHSA-2017:1499",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1499"
          },
          {
            "name": "RHSA-2017:2524",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2524"
          },
          {
            "name": "RHSA-2017:1476",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1476"
          },
          {
            "name": "USN-4072-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4072-1/"
          },
          {
            "name": "[debian-lts-announce] 20210127 [SECURITY] [DLA 2535-1] ansible security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ansible",
          "vendor": "[UNKNOWN]",
          "versions": [
            {
              "status": "affected",
              "version": "ansible 2.3.1.0"
            },
            {
              "status": "affected",
              "version": "ansible 2.4.0.0"
            }
          ]
        }
      ],
      "datePublic": "2017-05-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as \u0027unsafe\u0027 and is not evaluated."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-27T23:06:14",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2017:1599",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1599"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7481"
        },
        {
          "name": "RHSA-2017:1334",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1334"
        },
        {
          "name": "98492",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/98492"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/ansible/ansible/commit/ed56f51f185a1ffd7ea57130d260098686fcc7c2"
        },
        {
          "name": "RHSA-2017:1244",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1244"
        },
        {
          "name": "RHSA-2017:1499",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1499"
        },
        {
          "name": "RHSA-2017:2524",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2524"
        },
        {
          "name": "RHSA-2017:1476",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1476"
        },
        {
          "name": "USN-4072-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4072-1/"
        },
        {
          "name": "[debian-lts-announce] 20210127 [SECURITY] [DLA 2535-1] ansible security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2017-7481",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ansible",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "ansible 2.3.1.0"
                          },
                          {
                            "version_value": "ansible 2.4.0.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "[UNKNOWN]"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as \u0027unsafe\u0027 and is not evaluated."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "5.3/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:1599",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1599"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7481",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7481"
            },
            {
              "name": "RHSA-2017:1334",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1334"
            },
            {
              "name": "98492",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/98492"
            },
            {
              "name": "https://github.com/ansible/ansible/commit/ed56f51f185a1ffd7ea57130d260098686fcc7c2",
              "refsource": "CONFIRM",
              "url": "https://github.com/ansible/ansible/commit/ed56f51f185a1ffd7ea57130d260098686fcc7c2"
            },
            {
              "name": "RHSA-2017:1244",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1244"
            },
            {
              "name": "RHSA-2017:1499",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1499"
            },
            {
              "name": "RHSA-2017:2524",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2524"
            },
            {
              "name": "RHSA-2017:1476",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1476"
            },
            {
              "name": "USN-4072-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4072-1/"
            },
            {
              "name": "[debian-lts-announce] 20210127 [SECURITY] [DLA 2535-1] ansible security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2017-7481",
    "datePublished": "2018-07-19T13:00:00",
    "dateReserved": "2017-04-05T00:00:00",
    "dateUpdated": "2024-08-05T16:04:11.540Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-9587 (GCVE-0-2016-9587)

Vulnerability from cvelistv5

Published

2018-04-24 16:00

Modified

2024-08-06 02:59

Severity ?

6.6 (Medium) - CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-20

Summary

Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.

References

►

URL

Tags

	https://access.redhat.com/errata/RHSA-2017:0515	vendor-advisory, x_refsource_REDHAT
	https://www.exploit-db.com/exploits/41013/	exploit, x_refsource_EXPLOIT-DB
	https://security.gentoo.org/glsa/201701-77	vendor-advisory, x_refsource_GENTOO
	https://access.redhat.com/errata/RHSA-2017:1685	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/95352	vdb-entry, x_refsource_BID
	https://access.redhat.com/errata/RHSA-2017:0448	vendor-advisory, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9587	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2017-0195.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2017-0260.html	vendor-advisory, x_refsource_REDHAT

Impacted products

	Vendor	Product	Version
	unspecified	Ansible	Version: ansible 2.1.4 Version: ansible 2.2.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:59:02.537Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:0515",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:0515"
          },
          {
            "name": "41013",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/41013/"
          },
          {
            "name": "GLSA-201701-77",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-77"
          },
          {
            "name": "RHSA-2017:1685",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1685"
          },
          {
            "name": "95352",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95352"
          },
          {
            "name": "RHSA-2017:0448",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:0448"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9587"
          },
          {
            "name": "RHSA-2017:0195",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0195.html"
          },
          {
            "name": "RHSA-2017:0260",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0260.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Ansible",
          "vendor": "unspecified",
          "versions": [
            {
              "status": "affected",
              "version": "ansible 2.1.4"
            },
            {
              "status": "affected",
              "version": " ansible 2.2.1"
            }
          ]
        }
      ],
      "datePublic": "2017-01-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible\u0027s handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-25T09:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2017:0515",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:0515"
        },
        {
          "name": "41013",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/41013/"
        },
        {
          "name": "GLSA-201701-77",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-77"
        },
        {
          "name": "RHSA-2017:1685",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1685"
        },
        {
          "name": "95352",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95352"
        },
        {
          "name": "RHSA-2017:0448",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:0448"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9587"
        },
        {
          "name": "RHSA-2017:0195",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0195.html"
        },
        {
          "name": "RHSA-2017:0260",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0260.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2016-9587",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Ansible",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "ansible 2.1.4"
                          },
                          {
                            "version_value": " ansible 2.2.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": ""
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible\u0027s handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "6.6/CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            [
              {
                "vectorString": "6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:0515",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:0515"
            },
            {
              "name": "41013",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/41013/"
            },
            {
              "name": "GLSA-201701-77",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-77"
            },
            {
              "name": "RHSA-2017:1685",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1685"
            },
            {
              "name": "95352",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95352"
            },
            {
              "name": "RHSA-2017:0448",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:0448"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9587",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9587"
            },
            {
              "name": "RHSA-2017:0195",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0195.html"
            },
            {
              "name": "RHSA-2017:0260",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0260.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-9587",
    "datePublished": "2018-04-24T16:00:00",
    "dateReserved": "2016-11-23T00:00:00",
    "dateUpdated": "2024-08-06T02:59:02.537Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-7466 (GCVE-0-2017-7466)

Vulnerability from cvelistv5

Published

2018-06-22 13:00

Modified

2024-08-05 16:04

Severity ?

8.0 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-20

Summary

Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.

References

►

URL

Tags

	https://access.redhat.com/errata/RHSA-2017:1599	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:1334	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/97595	vdb-entry, x_refsource_BID
	https://access.redhat.com/errata/RHSA-2017:1685	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:1244	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:1499	vendor-advisory, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7466	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2017:1476	vendor-advisory, x_refsource_REDHAT

Impacted products

	Vendor	Product	Version
	[UNKNOWN]	ansible	Version: ansible 2.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:04:11.382Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:1599",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1599"
          },
          {
            "name": "RHSA-2017:1334",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1334"
          },
          {
            "name": "97595",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97595"
          },
          {
            "name": "RHSA-2017:1685",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1685"
          },
          {
            "name": "RHSA-2017:1244",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1244"
          },
          {
            "name": "RHSA-2017:1499",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1499"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7466"
          },
          {
            "name": "RHSA-2017:1476",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1476"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ansible",
          "vendor": "[UNKNOWN]",
          "versions": [
            {
              "status": "affected",
              "version": "ansible 2.3"
            }
          ]
        }
      ],
      "datePublic": "2018-06-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-23T09:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2017:1599",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1599"
        },
        {
          "name": "RHSA-2017:1334",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1334"
        },
        {
          "name": "97595",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97595"
        },
        {
          "name": "RHSA-2017:1685",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1685"
        },
        {
          "name": "RHSA-2017:1244",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1244"
        },
        {
          "name": "RHSA-2017:1499",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1499"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7466"
        },
        {
          "name": "RHSA-2017:1476",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1476"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2017-7466",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ansible",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "ansible 2.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "[UNKNOWN]"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "8.0/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:1599",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1599"
            },
            {
              "name": "RHSA-2017:1334",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1334"
            },
            {
              "name": "97595",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97595"
            },
            {
              "name": "RHSA-2017:1685",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1685"
            },
            {
              "name": "RHSA-2017:1244",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1244"
            },
            {
              "name": "RHSA-2017:1499",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1499"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7466",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7466"
            },
            {
              "name": "RHSA-2017:1476",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1476"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2017-7466",
    "datePublished": "2018-06-22T13:00:00",
    "dateReserved": "2017-04-05T00:00:00",
    "dateUpdated": "2024-08-05T16:04:11.382Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

suse-su-2017:3029-1

Vulnerability from csaf_suse

CVE-2017-7481 (GCVE-0-2017-7481)

Vulnerability from cvelistv5

CVE-2016-9587 (GCVE-0-2016-9587)

Vulnerability from cvelistv5

CVE-2017-7466 (GCVE-0-2017-7466)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature