Back to bug 1388113
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Adam Mariš | 2016-10-24 13:37:25 UTC | CC | security-response-team | |
| Adam Mariš | 2016-10-24 13:44:01 UTC | Blocks | 1388114 | |
| Adam Mariš | 2016-10-24 13:48:54 UTC | CC | mscherer | |
| Kurt Seifried | 2016-10-25 19:33:39 UTC | Alias | CVE-2016-8628 | |
| Kurt Seifried | 2016-10-25 19:33:54 UTC | Summary | EMBARGOED ansible: Command injection by compromised server via ansible_ssh_executable or ssh_args | EMBARGOED CVE-2016-8628 ansible: Command injection by compromised server via ansible_ssh_executable or ssh_args |
| Kurt Seifried | 2016-10-25 20:42:21 UTC | Whiteboard | impact=important,public=no,reported=20161023,source=researcher,cvss2=6.0/AV:N/AC:M/Au:S/C:P/I:P/A:P,cvss3=7.6/CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H,cwe=CWE-77,rhscon-2/ansible=new,rhes-3.0/ansible=new,openshift-enterprise-3/ansible=new,qci-1/ansible=new,openstack-10/ansible=new,fedora-all/ansible=affected,fedora-all/ansible1.9=affected,epel-all/ansible=affected,epel-all/ansible1.9=affected | impact=important,public=no,reported=20161023,source=redhat,cvss2=6.0/AV:N/AC:M/Au:S/C:P/I:P/A:P,cvss3=7.6/CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H,cwe=CWE-77,rhscon-2/ansible=new,rhes-3.0/ansible=new,openshift-enterprise-3/ansible=new,qci-1/ansible=new,openstack-10/ansible=new,fedora-all/ansible=affected,fedora-all/ansible1.9=affected,epel-all/ansible=affected,epel-all/ansible1.9=affected |
| Kurt Seifried | 2016-11-01 15:21:42 UTC | Whiteboard | impact=important,public=no,reported=20161023,source=redhat,cvss2=6.0/AV:N/AC:M/Au:S/C:P/I:P/A:P,cvss3=7.6/CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H,cwe=CWE-77,rhscon-2/ansible=new,rhes-3.0/ansible=new,openshift-enterprise-3/ansible=new,qci-1/ansible=new,openstack-10/ansible=new,fedora-all/ansible=affected,fedora-all/ansible1.9=affected,epel-all/ansible=affected,epel-all/ansible1.9=affected | impact=important,public=20161101,reported=20161023,source=redhat,cvss2=6.0/AV:N/AC:M/Au:S/C:P/I:P/A:P,cvss3=7.6/CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H,cwe=CWE-77,rhscon-2/ansible=new,rhes-3.0/ansible=new,openshift-enterprise-3/ansible=new,qci-1/ansible=new,openstack-10/ansible=new,fedora-all/ansible=affected,fedora-all/ansible1.9=affected,epel-all/ansible=affected,epel-all/ansible1.9=affected |
| Kurt Seifried | 2016-11-01 15:21:55 UTC | Summary | EMBARGOED CVE-2016-8628 ansible: Command injection by compromised server via ansible_ssh_executable or ssh_args | CVE-2016-8628 ansible: Command injection by compromised server via ansible_ssh_executable or ssh_args |
| Kurt Seifried | 2016-11-01 15:22:09 UTC | Group | security, qe_staff | |
| Kurt Seifried | 2016-11-01 15:22:27 UTC | Depends On | 1390646 | |
| Kurt Seifried | 2016-11-01 15:22:41 UTC | Depends On | 1390647 | |
| Kurt Seifried | 2016-11-01 15:22:48 UTC | Depends On | 1390648 | |
| Kurt Seifried | 2016-11-01 15:22:57 UTC | Depends On | 1390649 | |
| Kurt Seifried | 2016-11-01 15:29:25 UTC | Summary | CVE-2016-8628 ansible: Command injection by compromised server via ansible_ssh_executable or ssh_args | CVE-2016-8628 ansible: Command injection by compromised server via fact variables |
| Kurt Seifried | 2016-11-01 15:34:58 UTC | Priority | high | medium |
| | | Severity | high | medium |
| Kurt Seifried | 2016-11-01 16:29:14 UTC | Whiteboard | impact=important,public=20161101,reported=20161023,source=redhat,cvss2=6.0/AV:N/AC:M/Au:S/C:P/I:P/A:P,cvss3=7.6/CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H,cwe=CWE-77,rhscon-2/ansible=new,rhes-3.0/ansible=new,openshift-enterprise-3/ansible=new,qci-1/ansible=new,openstack-10/ansible=new,fedora-all/ansible=affected,fedora-all/ansible1.9=affected,epel-all/ansible=affected,epel-all/ansible1.9=affected | impact=important,public=20161101,reported=20161023,source=redhat,cvss2=6.0/AV:N/AC:M/Au:S/C:P/I:P/A:P,cvss3=7.6/CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H,cwe=CWE-77,rhscon-2/ansible=affected,rhes-3.0/ansible=affected,openshift-enterprise-3/ansible=affected,qci-1/ansible=affected,openstack-10/ansible=affected,fedora-all/ansible=affected,fedora-all/ansible1.9=affected,epel-all/ansible=affected,epel-all/ansible1.9=affected |
| Kurt Seifried | 2016-11-01 16:31:32 UTC | Depends On | 1390681 | |
| Adam Mariš | 2016-11-02 07:47:13 UTC | Whiteboard | impact=important,public=20161101,reported=20161023,source=redhat,cvss2=6.0/AV:N/AC:M/Au:S/C:P/I:P/A:P,cvss3=7.6/CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H,cwe=CWE-77,rhscon-2/ansible=affected,rhes-3.0/ansible=affected,openshift-enterprise-3/ansible=affected,qci-1/ansible=affected,openstack-10/ansible=affected,fedora-all/ansible=affected,fedora-all/ansible1.9=affected,epel-all/ansible=affected,epel-all/ansible1.9=affected | impact=moderate,public=20161101,reported=20161023,source=redhat,cvss2=6.0/AV:N/AC:M/Au:S/C:P/I:P/A:P,cvss3=7.6/CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H,cwe=CWE-77,rhscon-2/ansible=affected,rhes-3.0/ansible=affected,openshift-enterprise-3/ansible=affected,qci-1/ansible=affected,openstack-10/ansible=affected,fedora-all/ansible=affected,fedora-all/ansible1.9=affected,epel-all/ansible=affected,epel-all/ansible1.9=affected |
| Rejy M Cyriac | 2016-11-02 09:18:18 UTC | CC | rcyriac | |
| Kurt Seifried | 2016-11-02 16:46:22 UTC | CC | sparks | |
| | | Doc Text | Ansible fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on the Ansible clients as the user Ansible runs as. | |
| | | Flags | needinfo?(sparks) | |
| Eric Christensen | 2016-11-03 00:57:21 UTC | Doc Text | Ansible fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on the Ansible clients as the user Ansible runs as. | Ansible fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as. |
| Eric Christensen | 2016-11-03 00:58:35 UTC | CC | sparks | |
| | | Flags | needinfo?(sparks) | |
| errata-xmlrpc | 2016-11-04 20:20:35 UTC | Status | NEW | ON_QA |
| Kurt Seifried | 2016-11-14 18:24:00 UTC | Whiteboard | impact=moderate,public=20161101,reported=20161023,source=redhat,cvss2=6.0/AV:N/AC:M/Au:S/C:P/I:P/A:P,cvss3=7.6/CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H,cwe=CWE-77,rhscon-2/ansible=affected,rhes-3.0/ansible=affected,openshift-enterprise-3/ansible=affected,qci-1/ansible=affected,openstack-10/ansible=affected,fedora-all/ansible=affected,fedora-all/ansible1.9=affected,epel-all/ansible=affected,epel-all/ansible1.9=affected | impact=moderate,public=20161101,reported=20161023,source=redhat,cvss2=6.0/AV:N/AC:M/Au:S/C:P/I:P/A:P,cvss3=7.6/CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H,cwe=CWE-77,rhscon-2/ansible=affected,rhes-3.0/ansible=affected,openshift-enterprise-3/ansible=affected,qci-1/ansible=affected,openstack-10/ansible=affected,fedora-all/ansible=affected,fedora-all/ansible1.9=notaffected,epel-all/ansible=affected,epel-all/ansible1.9=notaffected |
| Kurt Seifried | 2016-11-16 01:05:36 UTC | Status | ON_QA | CLOSED |
| | | Resolution | --- | ERRATA |
| | | Last Closed | 2016-11-15 20:05:36 UTC | |
| Garth Mollett | 2016-11-18 04:29:10 UTC | Status | CLOSED | NEW |
| | | CC | gmollett | |
| | | Resolution | ERRATA | --- |
| | | Keywords | Reopened | |
| Garth Mollett | 2016-11-18 04:29:49 UTC | Depends On | 1396333 | |
| Garth Mollett | 2016-12-15 05:16:53 UTC | Whiteboard | impact=moderate,public=20161101,reported=20161023,source=redhat,cvss2=6.0/AV:N/AC:M/Au:S/C:P/I:P/A:P,cvss3=7.6/CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H,cwe=CWE-77,rhscon-2/ansible=affected,rhes-3.0/ansible=affected,openshift-enterprise-3/ansible=affected,qci-1/ansible=affected,openstack-10/ansible=affected,fedora-all/ansible=affected,fedora-all/ansible1.9=notaffected,epel-all/ansible=affected,epel-all/ansible1.9=notaffected | impact=moderate,public=20161101,reported=20161023,source=redhat,cvss2=6.0/AV:N/AC:M/Au:S/C:P/I:P/A:P,cvss3=7.6/CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H,cwe=CWE-77,rhscon-2/ansible=affected,rhes-3.0/ansible=affected,openshift-enterprise-3/ansible=affected,qci-1/ansible=affected,openstack-10/ansible=notaffected,fedora-all/ansible=affected,fedora-all/ansible1.9=notaffected,epel-all/ansible=affected,epel-all/ansible1.9=notaffected |
| Garth Mollett | 2016-12-15 05:30:42 UTC | Status | NEW | CLOSED |
| | | Resolution | --- | ERRATA |
| | | Last Closed | 2016-11-15 20:05:36 UTC | 2016-12-15 00:30:42 UTC |
| Siddharth Sharma | 2016-12-15 06:51:24 UTC | Whiteboard | impact=moderate,public=20161101,reported=20161023,source=redhat,cvss2=6.0/AV:N/AC:M/Au:S/C:P/I:P/A:P,cvss3=7.6/CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H,cwe=CWE-77,rhscon-2/ansible=affected,rhes-3.0/ansible=affected,openshift-enterprise-3/ansible=affected,qci-1/ansible=affected,openstack-10/ansible=notaffected,fedora-all/ansible=affected,fedora-all/ansible1.9=notaffected,epel-all/ansible=affected,epel-all/ansible1.9=notaffected | impact=moderate,public=20161101,reported=20161023,source=redhat,cvss2=6.0/AV:N/AC:M/Au:S/C:P/I:P/A:P,cvss3=7.6/CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H,cwe=CWE-77,rhscon-2/ansible=notaffected,rhes-3.1/ansible=notaffected,openshift-enterprise-3/ansible=affected,qci-1/ansible=affected,openstack-10/ansible=notaffected,fedora-all/ansible=affected,fedora-all/ansible1.9=notaffected,epel-all/ansible=affected,epel-all/ansible1.9=notaffected |
| Kurt Seifried | 2017-01-12 19:17:39 UTC | Whiteboard | impact=moderate,public=20161101,reported=20161023,source=redhat,cvss2=6.0/AV:N/AC:M/Au:S/C:P/I:P/A:P,cvss3=7.6/CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H,cwe=CWE-77,rhscon-2/ansible=notaffected,rhes-3.1/ansible=notaffected,openshift-enterprise-3/ansible=affected,qci-1/ansible=affected,openstack-10/ansible=notaffected,fedora-all/ansible=affected,fedora-all/ansible1.9=notaffected,epel-all/ansible=affected,epel-all/ansible1.9=notaffected | impact=moderate,public=20161101,reported=20161023,source=redhat,cvss2=6.6/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H,cvss3=7.6/CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H,cwe=CWE-77,rhscon-2/ansible=notaffected,rhes-3.1/ansible=notaffected,openshift-enterprise-3/ansible=affected,qci-1/ansible=affected,openstack-10/ansible=notaffected,fedora-all/ansible=affected,fedora-all/ansible1.9=notaffected,epel-all/ansible=affected,epel-all/ansible1.9=notaffected |
| Kurt Seifried | 2017-01-12 21:25:44 UTC | Whiteboard | impact=moderate,public=20161101,reported=20161023,source=redhat,cvss2=6.6/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H,cvss3=7.6/CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H,cwe=CWE-77,rhscon-2/ansible=notaffected,rhes-3.1/ansible=notaffected,openshift-enterprise-3/ansible=affected,qci-1/ansible=affected,openstack-10/ansible=notaffected,fedora-all/ansible=affected,fedora-all/ansible1.9=notaffected,epel-all/ansible=affected,epel-all/ansible1.9=notaffected | impact=moderate,public=20161101,reported=20161023,source=redhat,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P),cvss3=7.6/CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H,cwe=CWE-77,rhscon-2/ansible=notaffected,rhes-3.1/ansible=notaffected,openshift-enterprise-3/ansible=affected,qci-1/ansible=affected,openstack-10/ansible=notaffected,fedora-all/ansible=affected,fedora-all/ansible1.9=notaffected,epel-all/ansible=affected,epel-all/ansible1.9=notaffected |
| Kurt Seifried | 2017-01-12 21:27:04 UTC | Whiteboard | impact=moderate,public=20161101,reported=20161023,source=redhat,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P),cvss3=7.6/CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H,cwe=CWE-77,rhscon-2/ansible=notaffected,rhes-3.1/ansible=notaffected,openshift-enterprise-3/ansible=affected,qci-1/ansible=affected,openstack-10/ansible=notaffected,fedora-all/ansible=affected,fedora-all/ansible1.9=notaffected,epel-all/ansible=affected,epel-all/ansible1.9=notaffected | impact=moderate,public=20161101,reported=20161023,source=redhat,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cvss3=7.6/CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H,cwe=CWE-77,rhscon-2/ansible=notaffected,rhes-3.1/ansible=notaffected,openshift-enterprise-3/ansible=affected,qci-1/ansible=affected,openstack-10/ansible=notaffected,fedora-all/ansible=affected,fedora-all/ansible1.9=notaffected,epel-all/ansible=affected,epel-all/ansible1.9=notaffected |
| Pedro Sampaio | 2018-07-31 18:50:21 UTC | Fixed In Version | Ansible 2.2.0 | |
| Product Security DevOps Team | 2019-09-29 13:58:49 UTC | Whiteboard | impact=moderate,public=20161101,reported=20161023,source=redhat,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cvss3=7.6/CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H,cwe=CWE-77,rhscon-2/ansible=notaffected,rhes-3.1/ansible=notaffected,openshift-enterprise-3/ansible=affected,qci-1/ansible=affected,openstack-10/ansible=notaffected,fedora-all/ansible=affected,fedora-all/ansible1.9=notaffected,epel-all/ansible=affected,epel-all/ansible1.9=notaffected | |