VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-9e5w-5m3m-aaaj

Essentials
Severities (138)
References (42)
Severity details (49)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-9e5w-5m3m-aaaj
Aliases	CVE-2017-7481 GHSA-w578-j992-554x PYSEC-2018-41
Summary	Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated.
Status	Published
Exploitability	0.5
Weighted Severity	9.0
Risk	4.5
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-20	Improper Input Validation
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
generic_textual	Low	http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7481.html
cvssv3.1	9.8	https://access.redhat.com/errata/RHSA-2017:1244
generic_textual	CRITICAL	https://access.redhat.com/errata/RHSA-2017:1244
rhas	Important	https://access.redhat.com/errata/RHSA-2017:1244
cvssv3.1	9.8	https://access.redhat.com/errata/RHSA-2017:1334
generic_textual	CRITICAL	https://access.redhat.com/errata/RHSA-2017:1334
rhas	Important	https://access.redhat.com/errata/RHSA-2017:1334
cvssv3.1	9.8	https://access.redhat.com/errata/RHSA-2017:1476
generic_textual	CRITICAL	https://access.redhat.com/errata/RHSA-2017:1476
rhas	Important	https://access.redhat.com/errata/RHSA-2017:1476
cvssv3.1	9.8	https://access.redhat.com/errata/RHSA-2017:1499
generic_textual	CRITICAL	https://access.redhat.com/errata/RHSA-2017:1499
rhas	Important	https://access.redhat.com/errata/RHSA-2017:1499
cvssv3.1	9.8	https://access.redhat.com/errata/RHSA-2017:1599
generic_textual	CRITICAL	https://access.redhat.com/errata/RHSA-2017:1599
rhas	Important	https://access.redhat.com/errata/RHSA-2017:1599
cvssv3.1	9.8	https://access.redhat.com/errata/RHSA-2017:2524
generic_textual	CRITICAL	https://access.redhat.com/errata/RHSA-2017:2524
rhas	Moderate	https://access.redhat.com/errata/RHSA-2017:2524
cvssv3	5.3	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7481.json
epss	0.01164	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.01164	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.01164	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.01164	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.01951	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.01951	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.01951	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.01951	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.01951	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.01951	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.01951	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.01951	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.01951	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.01951	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.01951	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03687	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03687	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03746	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03746	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03746	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03746	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03746	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03746	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03746	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03746	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03746	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03746	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03746	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03746	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03746	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03746	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03746	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03746	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03746	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03746	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03746	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03746	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03746	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03746	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03746	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03746	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03746	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03746	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03746	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03746	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03746	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03746	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03746	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03746	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03746	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03746	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03746	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03816	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03816	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03816	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03816	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03816	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03816	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03816	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03816	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03816	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03816	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03816	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03816	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03866	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03866	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03866	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03866	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03866	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03866	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03866	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03866	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03866	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03866	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03866	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03866	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03866	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03866	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03866	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03866	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.03866	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
epss	0.07897	https://api.first.org/data/v1/epss?cve=CVE-2017-7481
rhbs	medium	https://bugzilla.redhat.com/show_bug.cgi?id=1450018
cvssv3.1	9.8	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7481
generic_textual	CRITICAL	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7481
generic_textual	Low	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7481
cvssv3.1	5.3	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr	CRITICAL	https://github.com/advisories/GHSA-w578-j992-554x
cvssv3.1	5.0	https://github.com/ansible/ansible
cvssv3.1	9.8	https://github.com/ansible/ansible
generic_textual	CRITICAL	https://github.com/ansible/ansible
generic_textual	MODERATE	https://github.com/ansible/ansible
cvssv3.1	9.8	https://github.com/ansible/ansible/commit/a1886911fcf4b691130cfc70dfc5daa5e07c46a3
generic_textual	CRITICAL	https://github.com/ansible/ansible/commit/a1886911fcf4b691130cfc70dfc5daa5e07c46a3
cvssv3.1	9.8	https://github.com/ansible/ansible/commit/ed56f51f185a1ffd7ea57130d260098686fcc7c2
generic_textual	CRITICAL	https://github.com/ansible/ansible/commit/ed56f51f185a1ffd7ea57130d260098686fcc7c2
cvssv3.1	9.8	https://github.com/ansible/ansible/commit/f0e348f5eeb70c1fb3127d90891da43b5c0a9d29
generic_textual	CRITICAL	https://github.com/ansible/ansible/commit/f0e348f5eeb70c1fb3127d90891da43b5c0a9d29
cvssv3.1	9.8	https://github.com/ansible/ansible/commit/fd30f5328986f9e1da434474481f32bf918a600c
generic_textual	CRITICAL	https://github.com/ansible/ansible/commit/fd30f5328986f9e1da434474481f32bf918a600c
cvssv3.1	9.8	https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-41.yaml
generic_textual	CRITICAL	https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-41.yaml
cvssv3.1	7.3	https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html
cvssv3.1	9.8	https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html
generic_textual	CRITICAL	https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html
generic_textual	HIGH	https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html
cvssv2	7.5	https://nvd.nist.gov/vuln/detail/CVE-2017-7481
cvssv3	9.8	https://nvd.nist.gov/vuln/detail/CVE-2017-7481
cvssv3.1	9.8	https://nvd.nist.gov/vuln/detail/CVE-2017-7481
generic_textual	CRITICAL	https://nvd.nist.gov/vuln/detail/CVE-2017-7481
generic_textual	Medium	https://ubuntu.com/security/notices/USN-4072-1
cvssv3.1	4.2	https://usn.ubuntu.com/4072-1
cvssv3.1	9.8	https://usn.ubuntu.com/4072-1
generic_textual	CRITICAL	https://usn.ubuntu.com/4072-1
generic_textual	MODERATE	https://usn.ubuntu.com/4072-1
generic_textual	Medium	https://usn.ubuntu.com/usn/usn-4072-1
cvssv3.1	9.8	https://web.archive.org/web/20170801122609/http://www.securityfocus.com/bid/98492
generic_textual	CRITICAL	https://web.archive.org/web/20170801122609/http://www.securityfocus.com/bid/98492

Reference id	Reference type	URL
		http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7481.html
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7481.json
		https://api.first.org/data/v1/epss?cve=CVE-2017-7481
		https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7481
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7481
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/ansible/ansible
		https://github.com/ansible/ansible/commit/a1886911fcf4b691130cfc70dfc5daa5e07c46a3
		https://github.com/ansible/ansible/commit/ed56f51f185a1ffd7ea57130d260098686fcc7c2
		https://github.com/ansible/ansible/commit/f0e348f5eeb70c1fb3127d90891da43b5c0a9d29
		https://github.com/ansible/ansible/commit/fd30f5328986f9e1da434474481f32bf918a600c
		https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-41.yaml
		https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html
		https://ubuntu.com/security/notices/USN-4072-1
		https://usn.ubuntu.com/4072-1
		https://usn.ubuntu.com/4072-1/
		https://usn.ubuntu.com/usn/usn-4072-1
		https://web.archive.org/web/20170801122609/http://www.securityfocus.com/bid/98492
		http://www.securityfocus.com/bid/98492
1450018		https://bugzilla.redhat.com/show_bug.cgi?id=1450018
862666		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862666
cpe:2.3:a:redhat:ansible_engine::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine::::::::
cpe:2.3:a:redhat:openshift_container_platform:3.3:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.3:::::::*
cpe:2.3:a:redhat:openshift_container_platform:3.4:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.4:::::::*
cpe:2.3:a:redhat:openshift_container_platform:3.5:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.5:::::::*
cpe:2.3:a:redhat:openstack:10:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:10:::::::*
cpe:2.3:a:redhat:openstack:11:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:11:::::::*
cpe:2.3:a:redhat:storage_console:2.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:storage_console:2.0:::::::*
cpe:2.3:a:redhat:virtualization:4.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:virtualization:4.1:::::::*
cpe:2.3:a:redhat:virtualization_manager:4.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:virtualization_manager:4.1:::::::*
cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:19.04:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:::::::*
cpe:2.3:o:debian:debian_linux:9.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
CVE-2017-7481		https://nvd.nist.gov/vuln/detail/CVE-2017-7481
GHSA-w578-j992-554x		https://github.com/advisories/GHSA-w578-j992-554x
RHSA-2017:1244		https://access.redhat.com/errata/RHSA-2017:1244
RHSA-2017:1334		https://access.redhat.com/errata/RHSA-2017:1334
RHSA-2017:1476		https://access.redhat.com/errata/RHSA-2017:1476
RHSA-2017:1499		https://access.redhat.com/errata/RHSA-2017:1499
RHSA-2017:1599		https://access.redhat.com/errata/RHSA-2017:1599
RHSA-2017:2524		https://access.redhat.com/errata/RHSA-2017:2524

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2017:1244

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2017:1334

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2017:1476

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2017:1499

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2017:1599

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2017:2524

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7481.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7481

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N Found at https://github.com/ansible/ansible

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/ansible/ansible

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/ansible/ansible/commit/a1886911fcf4b691130cfc70dfc5daa5e07c46a3

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/ansible/ansible/commit/ed56f51f185a1ffd7ea57130d260098686fcc7c2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/ansible/ansible/commit/f0e348f5eeb70c1fb3127d90891da43b5c0a9d29

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/ansible/ansible/commit/fd30f5328986f9e1da434474481f32bf918a600c

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-41.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L Found at https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2017-7481

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2017-7481

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2017-7481

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N Found at https://usn.ubuntu.com/4072-1

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://usn.ubuntu.com/4072-1

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://web.archive.org/web/20170801122609/http://www.securityfocus.com/bid/98492

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.84660
EPSS Score	0.01164
Published At	Dec. 17, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.