Skip to main content

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

Vulnerability IntelligenceCVE-2016-8647

CVE-2016-8647

MEDIUM4.9

An input validation vulnerability was found in Ansible's mysql_user module before 2

Published Jul 26, 2018

Modified 1 years ago

Details

An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed.

References

ADVISORYhttps://access.redhat.com/errata/RHSA-2017:1685 WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8647 WEBhttps://github.com/ansible/ansible-modules-core/pull/5388 ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2016-8647

CVSS Analysis

CVSS v3.1

4.9

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

HighPR:H

User Interaction

NoneUI:N

Scope

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

HighI:H

Availability

NoneA:N

4.9/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Weakness Type (CWE)

Input Validation

Improper Input Validation

Ecosystems

Timeline

PublishedJul 26, 2018

ModifiedAug 6, 2024

CVE-2016-8647 | Mondoo Vulnerability Intelligence