7.8
CVE-2023-5764
- EPSS 0.07%
- Published 12.12.2023 22:15:22
- Last modified 21.11.2024 08:42:26
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data.
Data is provided by the National Vulnerability Database (NVD)
Fedoraproject ≫ Extra Packages For Enterprise Linux Version8.0
Fedoraproject ≫ Fedora Version38
Fedoraproject ≫ Fedora Version39
Redhat ≫ Ansible Automation Platform Version2.4
Redhat ≫ Ansible Developer Version1.1
Redhat ≫ Ansible Inside Version1.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.07% | 0.225 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| secalert@redhat.com | 7.1 | 1.8 | 5.2 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
|
CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine
The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine.