CVE-2016-8614: Moderate severity vulnerability that affects ansible

October 10, 2018 (updated September 9, 2021)

A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key.

References

github.com/advisories/GHSA-cmwx-9m2h-x7v4
nvd.nist.gov/vuln/detail/CVE-2016-8614

Detect and mitigate CVE-2016-8614 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →