CVE-2016-8614 Vulnerability Details

  /     /     /  

CVE-2016-8614 Metadata Quick Info

CVE Published: 31/07/2018 | CVE Updated: 06/08/2024 | CVE Year: 2016
Source: redhat | Vendor: Red Hat | Product: Ansible
Status : PUBLISHED

---

CVE-2016-8614 Description

A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-358
CWE Name: CWE-358
Source: Red Hat

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).