/
PYSEC-2018-58.yaml
93 lines (93 loc) · 1.53 KB
/
PYSEC-2018-58.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
id: PYSEC-2018-58
details: An input validation vulnerability was found in Ansible's mysql_user module
before 2.2.1.0, which may fail to correctly change a password in certain circumstances.
Thus the previous password would still be active when it should have been changed.
affected:
- package:
name: ansible
ecosystem: PyPI
purl: pkg:pypi/ansible
ranges:
- type: ECOSYSTEM
events:
- introduced: '0'
- fixed: 2.2.1.0
versions:
- '1.0'
- '1.1'
- '1.2'
- 1.2.1
- 1.2.2
- 1.2.3
- 1.3.0
- 1.3.1
- 1.3.2
- 1.3.3
- 1.3.4
- '1.4'
- 1.4.1
- 1.4.2
- 1.4.3
- 1.4.4
- 1.4.5
- '1.5'
- 1.5.1
- 1.5.2
- 1.5.3
- 1.5.4
- 1.5.5
- '1.6'
- 1.6.1
- 1.6.10
- 1.6.2
- 1.6.3
- 1.6.4
- 1.6.5
- 1.6.6
- 1.6.7
- 1.6.8
- 1.6.9
- '1.7'
- 1.7.1
- 1.7.2
- '1.8'
- 1.8.1
- 1.8.2
- 1.8.3
- 1.8.4
- 1.9.0
- 1.9.0.1
- 1.9.1
- 1.9.2
- 1.9.3
- 1.9.4
- 1.9.5
- 1.9.6
- 2.0.0
- 2.0.0.0
- 2.0.0.1
- 2.0.0.2
- 2.0.1.0
- 2.0.2.0
- 2.1.0.0
- 2.1.1.0
- 2.1.2.0
- 2.1.3.0
- 2.1.4.0
- 2.1.5.0
- 2.1.6.0
- 2.2.0.0
references:
- type: WEB
url: https://github.com/ansible/ansible-modules-core/pull/5388
- type: REPORT
url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8647
- type: ADVISORY
url: https://access.redhat.com/errata/RHSA-2017:1685
- type: ADVISORY
url: https://github.com/advisories/GHSA-x4cm-m36h-c6qj
aliases:
- CVE-2016-8647
- GHSA-x4cm-m36h-c6qj
modified: '2021-07-25T23:34:24.709864Z'
published: '2018-07-26T14:29:00Z'