CVE-2013-2233

Name: CVE-2013-2233
Creator: NVD / NIST
Published: 2018-05-04T20:29:00.373+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.96%

Last modified Jun 16, 2026

CVE-2013-2233 is a vulnerability of currently unknown severity. Ansible before 1.2.1 makes it easier for remote attackers to conduct man-in-the-middle attacks by leveraging failure to cache SSH host keys.. EPSS estimates a 1.96% chance of exploitation in the next 30 days.

Description

Ansible before 1.2.1 makes it easier for remote attackers to conduct man-in-the-middle attacks by leveraging failure to cache SSH host keys.

Metrics

EPSS Probability

1.96%

77.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-320

Affected Software

Vendor	Product	Versions
Redhat	Ansible	< 1.2.1

References

http://www.openwall.com/lists/oss-security/2013/07/01/2Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2013/07/02/6Mailing List, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=980821Issue Tracking
https://github.com/ansible/ansible/issues/857Issue Tracking, Third Party Advisory
https://www.ansible.com/securityVendor Advisory
http://www.openwall.com/lists/oss-security/2013/07/01/2Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2013/07/02/6Mailing List, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=980821Issue Tracking
https://github.com/ansible/ansible/issues/857Issue Tracking, Third Party Advisory
https://www.ansible.com/securityVendor Advisory

Timeline

Published: May 4, 2018
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2013-2233?

Ansible before 1.2.1 makes it easier for remote attackers to conduct man-in-the-middle attacks by leveraging failure to cache SSH host keys.

How severe is CVE-2013-2233?

Severity scoring for CVE-2013-2233 is pending analysis. The EPSS model estimates a 1.96% probability of exploitation in the next 30 days.

How do I fix CVE-2013-2233?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2013-2233?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST