CVE-2013-2233

描述

Ansible before 1.2.1 makes it easier for remote attackers to conduct man-in-the-middle attacks by leveraging failure to cache SSH host keys.

受影響套件(3)

• Debian/ansiblefrom 0, < 1.3.4+dfsg-1
• PyPI/ansiblefrom 0, < 1.2.1
• PyPI/ansiblefrom 0, < 1.2.1

CVSS 分數

參考連結(10)

• ADVISORYhttps://github.com/advisories/GHSA-9x6q-5423-w5v9
• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2013-2233
• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2013-2233
• PATCHhttps://github.com/ansible/ansible
• WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=980821
• WEBhttps://github.com/ansible/ansible/issues/857
• WEBhttps://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-36.yaml
• WEBhttps://www.ansible.com/security
• WEBhttp://www.openwall.com/lists/oss-security/2013/07/01/2
• WEBhttp://www.openwall.com/lists/oss-security/2013/07/02/6