7.8
CVE-2023-5764
- EPSS 0.54%
- Veröffentlicht 12.12.2023 22:15:22
- Zuletzt bearbeitet 21.11.2024 08:42:26
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Ansible: template injection
A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fedoraproject ≫ Extra Packages For Enterprise Linux Version8.0
Fedoraproject ≫ Fedora Version38
Fedoraproject ≫ Fedora Version39
Redhat ≫ Ansible Automation Platform Version2.4
Redhat ≫ Ansible Developer Version1.1
Redhat ≫ Ansible Inside Version1.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.54% | 0.41 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| secalert@redhat.com | 7.1 | 1.8 | 5.2 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
|
CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine
The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine.
https://access.redhat.com/errata/RHSA-2023:7773
https://access.redhat.com/security/cve/CVE-2023-5764
https://bugzilla.redhat.com/show_bug.cgi?id=2247629
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X7Q6CHPVCHMZS5M7V22GOKFSXZAQ24EU/
https://security.netapp.com/advisory/ntap-20241025-0001/