An input validation vulnerability was found in ansible's handling of data sent from client systems. An attacker with control over a client system being managed by ansible and the ability to send facts back to the ansible server could use this flaw to execute arbitrary commands on the ansible server as the user and group ansible is running as.
An input validation vulnerability was found in ansible's handling of data sent from client systems. An attacker with control over a client system being managed by ansible and the ability to send facts back to the ansible server could use this flaw to execute arbitrary commands on the ansible server as the user and group ansible is running as.
https://www.computest.nl/advisories/CT-2017-0109_Ansible.txt
Vulmon