{"id":"CVE-2016-8647","details":"An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed.","aliases":["GHSA-x4cm-m36h-c6qj","PYSEC-2018-58"],"modified":"2026-07-07T08:49:18.387419118Z","published":"2018-07-26T14:29:00.267Z","related":["SUSE-SU-2020:3309-1","SUSE-SU-2024:1427-1","SUSE-SU-2024:1509-1"],"database_specific":{"unresolved_ranges":[{"vendor_product":"redhat:virtualization","cpes":["cpe:2.3:a:redhat:virtualization:4.1:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"4.1"},{"last_affected":"4.1"}],"source":"CPE_STRING"}]},"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:1685"},{"type":"ADVISORY","url":"https://github.com/ansible/ansible-modules-core/pull/5388"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8647"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ansible/ansible","events":[{"introduced":"0"},{"fixed":"53629100006d1d8eebe3447235f8b4bf048a3dc0"}],"database_specific":{"cpe":"cpe:2.3:a:redhat:ansible_engine:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"2.2.1.0"}],"source":"CPE_RANGE"}}],"versions":["v2.2.1.0-0.5.rc5","v2.2.1.0-0.4.rc4","v2.2.1.0-0.3.rc3","v2.2.1.0-0.2.rc2","v2.2.1.0-0.1.rc1","v2.2.0.0-1","v2.2.0.0-0.4.rc4","v2.2.0.0-0.3.rc3","v2.2.0.0-0.2.rc2","v2.2.0.0-0.1.rc1","v2.0.0-0.5.beta3","v2.0.0-0.4.beta2","v2.0.0-0.3.beta1","v2.0.0-0.2.alpha2","v2.0.0-0.1.alpha1","v1.6.0","v1.4.0","v1.2","v1.1","v1.0","0.7","0.3","0.0.1","0.01"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-8647.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N"}]}