PYSEC-2018-58

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/ansible/PYSEC-2018-58.yaml

Aliases

CVE-2016-8647
GHSA-x4cm-m36h-c6qj

Published

2018-07-26T14:29:00Z

Modified

2023-11-08T03:58:36.649665Z

Details

An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed.

References

https://github.com/ansible/ansible-modules-core/pull/5388
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8647
https://access.redhat.com/errata/RHSA-2017:1685
https://github.com/advisories/GHSA-x4cm-m36h-c6qj

Affected packages

PyPI / ansible

Package

Name: ansible

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2.2.1.0

Affected versions

1.*

1.0

1.1

1.2

1.2.1

1.2.2

1.2.3

1.3.0

1.3.1

1.3.2

1.3.3

1.3.4

1.4

1.4.1

1.4.2

1.4.3

1.4.4

1.4.5

1.5

1.5.1

1.5.2

1.5.3

1.5.4

1.5.5

1.6

1.6.1

1.6.2

1.6.3

1.6.4

1.6.5

1.6.6

1.6.7

1.6.8

1.6.9

1.6.10

1.7

1.7.1

1.7.2

1.8

1.8.1

1.8.2

1.8.3

1.8.4

1.9.0

1.9.0.1

1.9.1

1.9.2

1.9.3

1.9.4

1.9.5

1.9.6

2.*

2.0.0

2.0.0.0

2.0.0.1

2.0.0.2

2.0.1.0

2.0.2.0

2.1.0.0

2.1.1.0

2.1.2.0

2.1.3.0

2.1.4.0

2.1.5.0

2.1.6.0

2.2.0.0