Moderate severity · NVD Advisory · Published Jul 26, 2018 · Updated Aug 6, 2024
CVE-2016-8647
Description
An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| ansible (PyPI) | < 2.2.1.0 | 2.2.1.0 |
Affected products (1)
Patches (1)
30fb384e7fb9 · mysql_user: fix user_mod on MySQL(-like) 5.7+ (Fixes #3003) (#5388)
1 file changed · +1 −1
database/mysql/mysql_user.py+1 −1 modified@@ -339,7 +339,7 @@ def user_mod(cursor, user, host, host_all, password, encrypted, new_priv, append if old_user_mgmt: cursor.execute("SET PASSWORD FOR %s@%s = PASSWORD(%s)", (user, host, password)) else: - cursor.execute("ALTER USER %s@%s IDENTIFIED BY %s", (user, host, password)) + cursor.execute("ALTER USER %s@%s IDENTIFIED WITH mysql_native_password BY %s", (user, host, password)) changed = True # Handle privileges
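Review bot: The new `ALTER USER ... IDENTIFIED WITH mysql_native_password BY %s` statement in the `else` branch hard-codes the authentication plugin, so every password change taken through this path also sets the account's plugin to `mysql_native_password`, whatever the account was configured with before. Please add a comment above the `cursor.execute` call explaining why the plugin has to be named for the change to take effect on 5.7+, and document the plugin side effect in the module's docs. If preserving an account's existing plugin matters to users, consider passing the plugin in as a parameter rather than fixing it in the SQL string. A test that changes an existing user's password and then authenticates with the new one would guard against this regressing, since the failure mode in the advisory is a silent one where `changed = True` is still set.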
References (9)
- access.redhat.com/errata/RHSA-2017:1685 (ghsa, vendor-advisory, x_refsource_REDHAT, WEB)
- github.com/advisories/GHSA-x4cm-m36h-c6qj (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2016-8647 (ghsa, ADVISORY)
- access.redhat.com/security/cve/CVE-2016-8647 (ghsa, WEB)
- bugzilla.redhat.com/show_bug.cgi (ghsa, WEB)
- bugzilla.redhat.com/show_bug.cgi (ghsa, x_refsource_CONFIRM, WEB)
- github.com/ansible/ansible-modules-core/commit/30fb384e7fb9a94ac3929e4a650877e45d8834c9 (ghsa, WEB)
- github.com/ansible/ansible-modules-core/pull/5388 (ghsa, x_refsource_CONFIRM, WEB)
- github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-58.yaml (ghsa, WEB)