Launchpad.net

CVE 2014-3498

The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary commands.

See the CVE page on Mitre.org for more details.