Описание
Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as.
Ссылки
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- Issue TrackingThird Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- Issue TrackingThird Party Advisory
Уязвимые конфигурации
EPSS
7.6 High
CVSS3
9.1 Critical
CVSS3
9 Critical
CVSS2
Дефекты
Связанные уязвимости
Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as.
Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as.
Ansible before version 2.2.0 fails to properly sanitize fact variables ...
Ansible fails to properly sanitize fact variables sent from the Ansible controller
EPSS
7.6 High
CVSS3
9.1 Critical
CVSS3
9 Critical
CVSS2