Skip to content

Ansible fails to cache SSH host keys

High severity GitHub Reviewed Published Oct 10, 2018 to the GitHub Advisory Database • Updated Sep 4, 2024

Package

pip ansible (pip)

Affected versions

< 1.2.1

Patched versions

1.2.1

Description

Ansible before 1.2.1 makes it easier for remote attackers to conduct man-in-the-middle attacks by leveraging failure to cache SSH host keys.

References

Published to the GitHub Advisory Database Oct 10, 2018
Reviewed Jun 16, 2020
Last updated Sep 4, 2024

Severity

High

EPSS score

0.247%
(65th percentile)

Weaknesses

No CWEs

CVE ID

CVE-2013-2233

GHSA ID

GHSA-9x6q-5423-w5v9

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.