CVE-2016-8647
Ansible: in some circumstances the mysql_user module may fail to correctly change a password
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed.
Se ha detectado una vulnerabilidad de validación de entradas en el módulo mysql_user de Ansible en versiones anteriores a la 2.2.1.0, el cual puede fallar a la hora de cambiar correctamente una contraseña en determinadas circunstancias. Entonces, la contraseña anterior seguiría activa cuando se debería haber cambiado.
An input validation vulnerability was found in Ansible's mysql_user module which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-10-12 CVE Reserved
- 2017-07-06 CVE Published
- 2024-05-10 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
https://github.com/ansible/ansible-modules-core/pull/5388 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://access.redhat.com/errata/RHSA-2017:1685 | 2024-01-26 | |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8647 | 2024-01-26 | |
https://access.redhat.com/security/cve/CVE-2016-8647 | 2017-07-06 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1396174 | 2017-07-06 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Redhat Search vendor "Redhat" | Ansible Engine Search vendor "Redhat" for product "Ansible Engine" | < 2.2.1.0 Search vendor "Redhat" for product "Ansible Engine" and version " < 2.2.1.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Virtualization Search vendor "Redhat" for product "Virtualization" | 4.1 Search vendor "Redhat" for product "Virtualization" and version "4.1" | - |
Affected
|