
exploitDog

CVE-2024-11079

Published: 12 Nov 2024
Source: debian
EPSS: Low

Description

A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks.

Packages

| Package | Status | Fix version | Release | Type |
|---|---|---|---|---|
| ansible-core | fixed | 2.18.0-2 | | package |
| ansible-core | fixed | 2.14.18-0+deb12u1 | bookworm | package |
| ansible | fixed | 5.4.0-1 | | package |

Notes

  • ansible-core was split off from src:ansible with 4.6.0-1 in experimental/5.4.0-1 in sid

  • https://bugzilla.redhat.com/show_bug.cgi?id=2325171

  • https://github.com/advisories/GHSA-99w6-3xph-cx78

  • Fixed by: https://github.com/ansible/ansible/commit/2936b80dbbc7efb889934aeec80f6142c10266ce (v2.18.1rc1)

  • Fixed by: https://github.com/ansible/ansible/commit/98774d15d7748ebaaaf2e83942cc7e8d39f7280e (v2.17.7rc1)

  • Fixed by: https://github.com/ansible/ansible/commit/70e83e72b43e05e57eb42a6d52d01a4d9768f510 (v2.16.14rc1)

EPSS

Percentile: 60%
0.00406
Low

Related vulnerabilities

CVSS3: 5.5
ubuntu
9 months ago

A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks.

CVSS3: 5.5
redhat
9 months ago

A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks.

CVSS3: 5.5
nvd
9 months ago

A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks.

CVSS3: 5.5
github
9 months ago

Ansible-Core vulnerable to content protections bypass

CVSS3: 5.5
fstec
9 months ago

A vulnerability in the Ansible configuration management system, related to improper input validation, that allows an attacker to bypass existing security restrictions
