5.5
CVE-2024-11079
- EPSS 0.39%
- Published 12.11.2024 00:15:15
- Last modified 18.12.2024 04:15:06
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Collection URLhttps://github.com/ansible/ansible
≫
Package
ansible-core
Default Statusunaffected
Version <=
2.18.0
Version
0
Status
affected
VendorRed Hat
≫
Product
Ansible Automation Platform Execution Environments
Default Statusaffected
Version <
*
Version
1.2.0-93
Status
unaffected
VendorRed Hat
≫
Product
Ansible Automation Platform Execution Environments
Default Statusaffected
Version <
*
Version
3.0.1-108
Status
unaffected
VendorRed Hat
≫
Product
Ansible Automation Platform Execution Environments
Default Statusaffected
Version <
*
Version
2.9.27-34
Status
unaffected
VendorRed Hat
≫
Product
Ansible Automation Platform Execution Environments
Default Statusaffected
Version <
*
Version
2.12.10-56
Status
unaffected
VendorRed Hat
≫
Product
Ansible Automation Platform Execution Environments
Default Statusaffected
Version <
*
Version
2.18.1-2
Status
unaffected
VendorRed Hat
≫
Product
Red Hat Ansible Automation Platform 2.5 for RHEL 8
Default Statusaffected
Version <
*
Version
1:2.16.14-1.el8ap
Status
unaffected
VendorRed Hat
≫
Product
Red Hat Ansible Automation Platform 2.5 for RHEL 9
Default Statusaffected
Version <
*
Version
1:2.16.14-1.el9ap
Status
unaffected
VendorRed Hat
≫
Product
Red Hat Enterprise Linux 10
Default Statusunaffected
VendorRed Hat
≫
Product
Red Hat Enterprise Linux AI (RHEL AI)
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat Enterprise Linux AI (RHEL AI)
Default Statusaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.39% | 0.595 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| secalert@redhat.com | 5.5 | 1.3 | 3.7 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.