Vulnerability Details CVE-2013-2233
Ansible before 1.2.1 makes it easier for remote attackers to conduct man-in-the-middle attacks by leveraging failure to cache SSH host keys.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 57.9%
CVSS Severity
CVSS v3 Score 7.4
CVSS v2 Score 5.8
References
- http://www.openwall.com/lists/oss-security/2013/07/01/2
- http://www.openwall.com/lists/oss-security/2013/07/02/6
- https://bugzilla.redhat.com/show_bug.cgi?id=980821
- https://github.com/ansible/ansible/issues/857
- https://www.ansible.com/security
- http://www.openwall.com/lists/oss-security/2013/07/01/2
- http://www.openwall.com/lists/oss-security/2013/07/02/6
- https://bugzilla.redhat.com/show_bug.cgi?id=980821
- https://github.com/ansible/ansible/issues/857
- https://www.ansible.com/security
Products affected by CVE-2013-2233
-
cpe:2.3:a:redhat:ansible:0.0.1
-
cpe:2.3:a:redhat:ansible:0.0.2
-
cpe:2.3:a:redhat:ansible:0.01
-
cpe:2.3:a:redhat:ansible:0.3
-
cpe:2.3:a:redhat:ansible:0.3.1
-
cpe:2.3:a:redhat:ansible:0.4
-
cpe:2.3:a:redhat:ansible:0.4.1
-
cpe:2.3:a:redhat:ansible:0.5
-
cpe:2.3:a:redhat:ansible:0.6
-
cpe:2.3:a:redhat:ansible:0.7
-
cpe:2.3:a:redhat:ansible:0.7.1
-
cpe:2.3:a:redhat:ansible:0.7.2
-
cpe:2.3:a:redhat:ansible:0.8
-
cpe:2.3:a:redhat:ansible:0.9
-
cpe:2.3:a:redhat:ansible:1.0
-
cpe:2.3:a:redhat:ansible:1.1
-
cpe:2.3:a:redhat:ansible:1.2