VulnerableCode Package Details - pkg:rpm/redhat/ansible@2.3.0.0-4?arch=el7

Search for packages

Vulnerability	Summary	Fixed by
VCID-fetz-42jf-nqe8 Aliases: CVE-2016-8647 GHSA-x4cm-m36h-c6qj PYSEC-2018-58	An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed.	There are no reported fixed by versions.
VCID-jhxm-379u-subt Aliases: CVE-2017-7466 GHSA-3m8p-xpm6-8ww3 PYSEC-2018-40	Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.	There are no reported fixed by versions.
VCID-yc8n-wxb4-1uaz Aliases: CVE-2016-9587 GHSA-m956-frf4-m2wr PYSEC-2018-39	Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-fetz-42jf-nqe8
Aliases:
CVE-2016-8647
GHSA-x4cm-m36h-c6qj
PYSEC-2018-58

An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed.

There are no reported fixed by versions.

VCID-jhxm-379u-subt
Aliases:
CVE-2017-7466
GHSA-3m8p-xpm6-8ww3
PYSEC-2018-40

Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.

There are no reported fixed by versions.

VCID-yc8n-wxb4-1uaz
Aliases:
CVE-2016-9587
GHSA-m956-frf4-m2wr
PYSEC-2018-39

Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:33:57.343760+00:00	RedHat Importer	Affected by	VCID-fetz-42jf-nqe8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8647.json	38.0.0
2026-04-01T14:32:40.174492+00:00	RedHat Importer	Affected by	VCID-yc8n-wxb4-1uaz	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9587.json	38.0.0
2026-04-01T14:31:11.783974+00:00	RedHat Importer	Affected by	VCID-jhxm-379u-subt	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7466.json	38.0.0