CVE-2014-3498

Published: 08 June 2017

The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary commands.

From the Ubuntu security team

It was discovered that Ansible improperly handled the output of certain commands. An attacker could use this vulnerability to execute arbitrary commands on the ansible manging host.

Priority

Medium

CVSS 3 base score: 8.8

Status

Package Release Status
ansible
Launchpad, Ubuntu, Debian
Upstream
Released (1.7.0+dfsg-1)
Ubuntu 21.10 (Impish Indri) Not vulnerable

Ubuntu 21.04 (Hirsute Hippo) Not vulnerable

Ubuntu 20.10 (Groovy Gorilla) Not vulnerable

Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable

Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable

Ubuntu 14.04 ESM (Trusty Tahr) Needed