—

PYSEC-2018-38

상세

Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / ansible

최초 영향 버전: 0 수정 버전: 2.2.0.0

수정 pip install --upgrade 'ansible>=2.2.0.0'

참고

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8628 [REPORT]
https://access.redhat.com/errata/RHSA-2016:2778 [ADVISORY]
http://www.securityfocus.com/bid/94109 [WEB]
https://github.com/advisories/GHSA-jg4f-jqm5-4mgq [ADVISORY]