Back to bug 1404378
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Kurt Seifried | 2016-12-13 17:06:51 UTC | CC | security-response-team | |
| Kurt Seifried | 2016-12-13 17:11:08 UTC | Blocks | 1404380 | |
| Kurt Seifried | 2016-12-13 17:12:30 UTC | CC | jlaska, notting | |
| Kurt Seifried | 2016-12-14 16:28:16 UTC | CC | jmckerr | |
| Kurt Seifried | 2016-12-14 16:48:42 UTC | Whiteboard | impact=important,public=no,reported=20161212,source=internet,cvss2=7.5/AV:N/AC:M/Au:S/C:P/I:C/A:P,cvss3=7.7/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L,cwe=CWE-20,openshift-enterprise-3/ansible=affected | impact=important,public=no,reported=20161212,source=internet,cvss2=7.5/AV:N/AC:M/Au:S/C:P/I:C/A:P,cvss3=7.7/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L,cwe=CWE-20,openshift-enterprise-3/ansible=affected,qci-1/ansible=wontfix |
| Kurt Seifried | 2016-12-14 16:53:36 UTC | Whiteboard | impact=important,public=no,reported=20161212,source=internet,cvss2=7.5/AV:N/AC:M/Au:S/C:P/I:C/A:P,cvss3=7.7/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L,cwe=CWE-20,openshift-enterprise-3/ansible=affected,qci-1/ansible=wontfix | impact=important,public=no,reported=20161212,source=internet,cvss2=7.5/AV:N/AC:M/Au:S/C:P/I:C/A:P,cvss3=7.7/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L,cwe=CWE-20,openshift-enterprise-3/ansible=affected,qci-1/ansible=wontfix,rhscon-2/ansible=wontfix |
| Kurt Seifried | 2016-12-14 16:53:55 UTC | Whiteboard | impact=important,public=no,reported=20161212,source=internet,cvss2=7.5/AV:N/AC:M/Au:S/C:P/I:C/A:P,cvss3=7.7/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L,cwe=CWE-20,openshift-enterprise-3/ansible=affected,qci-1/ansible=wontfix,rhscon-2/ansible=wontfix | impact=important,public=no,reported=20161212,source=internet,cvss2=7.5/AV:N/AC:M/Au:S/C:P/I:C/A:P,cvss3=7.7/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L,cwe=CWE-20,openshift-enterprise-3/ansible=affected,qci-1/ansible=wontfix,rhscon-2/ansible=affected |
| Kurt Seifried | 2016-12-14 16:54:35 UTC | Whiteboard | impact=important,public=no,reported=20161212,source=internet,cvss2=7.5/AV:N/AC:M/Au:S/C:P/I:C/A:P,cvss3=7.7/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L,cwe=CWE-20,openshift-enterprise-3/ansible=affected,qci-1/ansible=wontfix,rhscon-2/ansible=affected | impact=important,public=no,reported=20161212,source=internet,cvss2=7.5/AV:N/AC:M/Au:S/C:P/I:C/A:P,cvss3=7.7/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L,cwe=CWE-20,openshift-enterprise-3/ansible=affected,qci-1/ansible=wontfix,rhscon-2/ansible=affected,rhes-3.1/ansible=affected |
| Kurt Seifried | 2016-12-14 16:54:42 UTC | CC | sgirijan, sisharma, smohan, ssaha, vbellur | |
| Jason McKerr | 2016-12-14 17:54:37 UTC | CC | abutcher | |
| Jason McKerr | 2016-12-14 17:54:56 UTC | CC | jdetiber | |
| Jason McKerr | 2016-12-14 17:55:29 UTC | CC | sdodson | |
| Kurt Seifried | 2016-12-19 21:46:45 UTC | CC | jcammara | |
| Tim Suter | 2017-01-06 03:05:56 UTC | Blocks | 1410660 | |
| Tim Suter | 2017-01-06 03:08:53 UTC | Whiteboard | impact=important,public=no,reported=20161212,source=internet,cvss2=7.5/AV:N/AC:M/Au:S/C:P/I:C/A:P,cvss3=7.7/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L,cwe=CWE-20,openshift-enterprise-3/ansible=affected,qci-1/ansible=wontfix,rhscon-2/ansible=affected,rhes-3.1/ansible=affected | impact=important,public=no,reported=20161212,source=internet,cvss2=7.5/AV:N/AC:M/Au:S/C:P/I:C/A:P,cvss3=7.7/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L,cwe=CWE-20,openshift-enterprise-3/ansible=affected,qci-1/ansible=wontfix,rhscon-2/ansible=affected,rhes-3.1/ansible=affected,openstack-10/ansible=new |
| Tim Suter | 2017-01-06 03:09:02 UTC | CC | aortega, apevec, ayoung, chrisw, cvsbot-xmlrpc, jjoyce, jschluet, kbasil, lhh, lpeer, markmc, rbryant, sclewis, slinaber, tdecacqu, tvignaud | |
| Siddharth Sharma | 2017-01-06 03:42:28 UTC | Depends On | 1410667 | |
| Siddharth Sharma | 2017-01-06 03:43:35 UTC | Depends On | 1410669 | |
| Brenton Leanhardt | 2017-01-09 21:03:27 UTC | Flags | needinfo?(jcammara) | |
| Kurt Seifried | 2017-01-10 03:46:37 UTC | Whiteboard | impact=important,public=no,reported=20161212,source=internet,cvss2=7.5/AV:N/AC:M/Au:S/C:P/I:C/A:P,cvss3=7.7/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L,cwe=CWE-20,openshift-enterprise-3/ansible=affected,qci-1/ansible=wontfix,rhscon-2/ansible=affected,rhes-3.1/ansible=affected,openstack-10/ansible=new | impact=important,public=20170109,reported=20161212,source=internet,cvss2=7.5/AV:N/AC:M/Au:S/C:P/I:C/A:P,cvss3=7.7/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L,cwe=CWE-20,openshift-enterprise-3/ansible=affected,qci-1/ansible=wontfix,rhscon-2/ansible=affected,rhes-3.1/ansible=affected,openstack-10/ansible=new |
| Kurt Seifried | 2017-01-10 03:46:51 UTC | Summary | EMBARGOED CVE-2016-9587 Ansible: Compromised remote hosts can lead to running commands on the Ansible controller | CVE-2016-9587 Ansible: Compromised remote hosts can lead to running commands on the Ansible controller |
| Kurt Seifried | 2017-01-10 03:47:02 UTC | Group | security, qe_staff | |
| Salvatore Bonaccorso | 2017-01-10 16:47:46 UTC | CC | carnil | |
| Bryan Totty | 2017-01-11 14:47:36 UTC | CC | btotty | |
| Bryan Totty | 2017-01-11 14:47:36 UTC | Flags | needinfo?(kseifried) | |
| Kurt Seifried | 2017-01-11 19:08:40 UTC | Doc Text | An input validation vulnerability is present in Ansible’s handling of facts sent from client systems. An attacker would need control over a client system being managed by Ansible and would need to have the ability to send facts back to the Ansible server. Exploitation could result in command or code execution on the Ansible server as the user and group Ansible is running as. | |
| Kurt Seifried | 2017-01-11 19:08:40 UTC | Flags | needinfo?(jcammara) needinfo?(kseifried) | |
| Kurt Seifried | 2017-01-11 19:12:59 UTC | Doc Text | An input validation vulnerability is present in Ansible’s handling of facts sent from client systems. An attacker would need control over a client system being managed by Ansible and would need to have the ability to send facts back to the Ansible server. Exploitation could result in command or code execution on the Ansible server as the user and group Ansible is running as. | An input validation vulnerability is present in Ansible’s handling of data sent from client systems. An attacker would need control over a client system being managed by Ansible and would need to have the ability to send facts back to the Ansible server. Exploitation could result in command or code execution on the Ansible server as the user and group Ansible is running as. |
| Ken Dreyer (Red Hat) | 2017-01-11 20:11:02 UTC | CC | kdreyer | |
| Kurt Seifried | 2017-01-11 20:43:40 UTC | Whiteboard | impact=important,public=20170109,reported=20161212,source=internet,cvss2=7.5/AV:N/AC:M/Au:S/C:P/I:C/A:P,cvss3=7.7/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L,cwe=CWE-20,openshift-enterprise-3/ansible=affected,qci-1/ansible=wontfix,rhscon-2/ansible=affected,rhes-3.1/ansible=affected,openstack-10/ansible=new | impact=important,public=20170109,reported=20161212,source=internet,cvss2=7.5/AV:N/AC:M/Au:S/C:P/I:C/A:P,cvss3=7.7/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L,cwe=CWE-20,openshift-enterprise-3/ansible=affected,qci-1/ansible=wontfix,rhscon-2/ansible=affected,rhes-3.1/ansible=affected,openstack-10/ansible=new,fedora-all/ansible=affected,epel-all/ansible=affected |
| Kurt Seifried | 2017-01-11 20:45:07 UTC | Depends On | 1412356 | |
| Kurt Seifried | 2017-01-11 20:45:19 UTC | Depends On | 1412357 | |
| Jon Schlueter | 2017-01-11 20:58:36 UTC | Flags | needinfo?(kseifried) | |
| Garth Mollett | 2017-01-11 21:08:49 UTC | Whiteboard | impact=important,public=20170109,reported=20161212,source=internet,cvss2=7.5/AV:N/AC:M/Au:S/C:P/I:C/A:P,cvss3=7.7/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L,cwe=CWE-20,openshift-enterprise-3/ansible=affected,qci-1/ansible=wontfix,rhscon-2/ansible=affected,rhes-3.1/ansible=affected,openstack-10/ansible=new,fedora-all/ansible=affected,epel-all/ansible=affected | impact=important,public=20170109,reported=20161212,source=internet,cvss2=7.5/AV:N/AC:M/Au:S/C:P/I:C/A:P,cvss3=7.7/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L,cwe=CWE-20,openshift-enterprise-3/ansible=affected,qci-1/ansible=wontfix,rhscon-2/ansible=affected,rhes-3.1/ansible=affected,openstack-10/ansible=affected,openstack-11/ansible=affected,fedora-all/ansible=affected,epel-all/ansible=affected |
| Garth Mollett | 2017-01-11 21:09:07 UTC | CC | rhos-maint | |
| Garth Mollett | 2017-01-11 21:10:26 UTC | Depends On | 1412370 | |
| Garth Mollett | 2017-01-11 21:10:30 UTC | Depends On | 1412371 | |
| Garth Mollett | 2017-01-11 21:23:34 UTC | CC | gmollett | |
| Garth Mollett | 2017-01-11 21:23:34 UTC | Flags | needinfo?(kseifried) | |
| Martin Prpič | 2017-01-12 09:07:41 UTC | Doc Text | An input validation vulnerability is present in Ansible’s handling of data sent from client systems. An attacker would need control over a client system being managed by Ansible and would need to have the ability to send facts back to the Ansible server. Exploitation could result in command or code execution on the Ansible server as the user and group Ansible is running as. | An input validation vulnerability was found in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server as the user and group Ansible is running as. |
| Kurt Seifried | 2017-01-12 19:15:10 UTC | Whiteboard | impact=important,public=20170109,reported=20161212,source=internet,cvss2=7.5/AV:N/AC:M/Au:S/C:P/I:C/A:P,cvss3=7.7/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L,cwe=CWE-20,openshift-enterprise-3/ansible=affected,qci-1/ansible=wontfix,rhscon-2/ansible=affected,rhes-3.1/ansible=affected,openstack-10/ansible=affected,openstack-11/ansible=affected,fedora-all/ansible=affected,epel-all/ansible=affected | impact=important,public=20170109,reported=20161212,source=internet,cvss2=6.0/AV:N/AC:M/Au:S/C:P/I:P/A:P,cvss3=7.7/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L,cwe=CWE-20,openshift-enterprise-3/ansible=affected,qci-1/ansible=wontfix,rhscon-2/ansible=affected,rhes-3.1/ansible=affected,openstack-10/ansible=affected,openstack-11/ansible=affected,fedora-all/ansible=affected,epel-all/ansible=affected |
| Kurt Seifried | 2017-01-12 19:17:25 UTC | Whiteboard | impact=important,public=20170109,reported=20161212,source=internet,cvss2=6.0/AV:N/AC:M/Au:S/C:P/I:P/A:P,cvss3=7.7/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L,cwe=CWE-20,openshift-enterprise-3/ansible=affected,qci-1/ansible=wontfix,rhscon-2/ansible=affected,rhes-3.1/ansible=affected,openstack-10/ansible=affected,openstack-11/ansible=affected,fedora-all/ansible=affected,epel-all/ansible=affected | impact=important,public=20170109,reported=20161212,source=internet,cvss2=6.0/AV:N/AC:M/Au:S/C:P/I:P/A:P,cvss3=6.6/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-20,openshift-enterprise-3/ansible=affected,qci-1/ansible=wontfix,rhscon-2/ansible=affected,rhes-3.1/ansible=affected,openstack-10/ansible=affected,openstack-11/ansible=affected,fedora-all/ansible=affected,epel-all/ansible=affected |
| Jonathan Moore | 2017-01-12 20:07:41 UTC | CC | jonathan.moore | |
| Eric Siskonen | 2017-01-12 20:56:22 UTC | CC | esiskonen | |
| Kurt Seifried | 2017-01-12 21:28:27 UTC | Whiteboard | impact=important,public=20170109,reported=20161212,source=internet,cvss2=6.0/AV:N/AC:M/Au:S/C:P/I:P/A:P,cvss3=6.6/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-20,openshift-enterprise-3/ansible=affected,qci-1/ansible=wontfix,rhscon-2/ansible=affected,rhes-3.1/ansible=affected,openstack-10/ansible=affected,openstack-11/ansible=affected,fedora-all/ansible=affected,epel-all/ansible=affected | impact=important,public=20170109,reported=20161212,source=internet,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cvss3=6.6/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-20,openshift-enterprise-3/ansible=affected,qci-1/ansible=wontfix,rhscon-2/ansible=affected,rhes-3.1/ansible=affected,openstack-10/ansible=affected,openstack-11/ansible=affected,fedora-all/ansible=affected,epel-all/ansible=affected |
| Jeff Richards | 2017-01-13 16:27:10 UTC | CC | jeffrey.f.richards | |
| Rejy M Cyriac | 2017-01-17 08:40:16 UTC | CC | rcyriac | |
| Jon Schlueter | 2017-01-17 16:16:19 UTC | Flags | needinfo?(jcammara) | |
| Jon Schlueter | 2017-01-19 11:54:58 UTC | Flags | needinfo?(kseifried) | |
| Alan Pevec | 2017-01-19 12:03:24 UTC | Flags | needinfo?(jcammara) needinfo?(kseifried) | |
| Siddharth Sharma | 2017-01-20 05:24:00 UTC | Blocks | 1415044 | |
| Summer Long | 2017-01-24 00:08:27 UTC | CC | slong | |
| Summer Long | 2017-01-24 00:08:27 UTC | Doc Text | An input validation vulnerability was found in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server as the user and group Ansible is running as. | An input validation vulnerability was found in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible-server privileges. |
| Jeff Richards | 2017-01-25 17:10:48 UTC | CC | jeffrey.f.richards | |
| John Osborne | 2017-02-28 20:10:52 UTC | CC | josborne | |
| Kurt Seifried | 2017-02-28 20:21:23 UTC | Depends On | 1427654 | |
| Kurt Seifried | 2017-02-28 20:21:25 UTC | Depends On | 1427655 | |
| Kurt Seifried | 2017-02-28 20:28:33 UTC | Depends On | 1427656 | |
| Tomas Hoger | 2017-03-02 10:07:37 UTC | Doc Text | An input validation vulnerability was found in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible-server privileges. | An input validation vulnerability was found in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges. |
| Sandro Bonazzola | 2017-04-28 09:37:36 UTC | Flags | needinfo?(kseifried) | |
| Kurt Seifried | 2017-05-03 03:00:44 UTC | Whiteboard | impact=important,public=20170109,reported=20161212,source=internet,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cvss3=6.6/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-20,openshift-enterprise-3/ansible=affected,qci-1/ansible=wontfix,rhscon-2/ansible=affected,rhes-3.1/ansible=affected,openstack-10/ansible=affected,openstack-11/ansible=affected,fedora-all/ansible=affected,epel-all/ansible=affected | impact=important,public=20170109,reported=20161212,source=internet,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cvss3=6.6/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-20,openshift-enterprise-3/ansible=affected,qci-1/ansible=wontfix,rhscon-2/ansible=affected,rhes-3.1/ansible=affected,openstack-10/ansible=affected,openstack-11/ansible=affected,fedora-all/ansible=affected,epel-all/ansible=affected,rhev-m-4/ansible=affected |
| Kurt Seifried | 2017-05-03 03:01:04 UTC | CC | bmcclain, dblechte, eedri, mgoldboi, michal.skrivanek, sbonazzo, sherold, ydary, ykaul | |
| Kurt Seifried | 2017-05-03 03:12:23 UTC | Flags | needinfo?(kseifried) | |
| Kurt Seifried | 2017-05-03 03:13:54 UTC | Depends On | 1447506 | |
| Kurt Seifried | 2017-06-03 02:35:46 UTC | Blocks | 1456591 | |
| Eric Christensen | 2017-07-05 16:16:24 UTC | Whiteboard | impact=important,public=20170109,reported=20161212,source=internet,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cvss3=6.6/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-20,openshift-enterprise-3/ansible=affected,qci-1/ansible=wontfix,rhscon-2/ansible=affected,rhes-3.1/ansible=affected,openstack-10/ansible=affected,openstack-11/ansible=affected,fedora-all/ansible=affected,epel-all/ansible=affected,rhev-m-4/ansible=affected | impact=important,public=20170109,reported=20161212,source=internet,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cvss3=6.6/CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-20,openshift-enterprise-3/ansible=affected,qci-1/ansible=wontfix,rhscon-2/ansible=affected,rhes-3.1/ansible=affected,openstack-10/ansible=affected,openstack-11/ansible=affected,fedora-all/ansible=affected,epel-all/ansible=affected,rhev-m-4/ansible=affected |
| Scott Herold | 2017-09-12 15:29:37 UTC | CC | sherold | |
| Adam Young | 2017-10-18 18:53:50 UTC | CC | ayoung | |
| PnT Account Manager | 2018-01-31 00:09:28 UTC | CC | aortega | |
| PnT Account Manager | 2018-02-15 14:15:21 UTC | CC | jdetiber | |
| Laura Pardo | 2018-04-24 14:25:29 UTC | Fixed In Version | ansible 2.1.4, ansible 2.2.1 | |
| PnT Account Manager | 2018-06-29 22:16:38 UTC | CC | kseifried | |
| PnT Account Manager | 2018-11-05 22:50:10 UTC | CC | ylavi | |
| PnT Account Manager | 2019-05-31 14:22:15 UTC | CC | smohan | |
| Product Security DevOps Team | 2019-06-08 03:04:22 UTC | Status | NEW | CLOSED |
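| Product Security DevOps Team | 2019-06-08 03:04:22 UTC | Resolution | --- | ERRATA |
| Product Security DevOps Team | 2019-06-08 03:04:22 UTC | Last Closed | 2019-06-08 03:04:22 UTC | |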
| Product Security DevOps Team | 2019-09-29 14:02:45 UTC | Whiteboard | impact=important,public=20170109,reported=20161212,source=internet,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cvss3=6.6/CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-20,openshift-enterprise-3/ansible=affected,qci-1/ansible=wontfix,rhscon-2/ansible=affected,rhes-3.1/ansible=affected,openstack-10/ansible=affected,openstack-11/ansible=affected,fedora-all/ansible=affected,epel-all/ansible=affected,rhev-m-4/ansible=affected | |