CVE-2016-8614

A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-07-31 21:29

Updated : 2024-02-28 16:48


NVD link : CVE-2016-8614

Mitre link : CVE-2016-8614

CVE.ORG link : CVE-2016-8614


JSON object : View

Products Affected

redhat

  • ansible
CWE
CWE-320

Key Management Errors

CWE-358

Improperly Implemented Security Check for Standard