CVE-2017-2809

Опубликовано: 14 сент. 2017

Источник: nvd

CVSS3: 7.5

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

An exploitable vulnerability exists in the yaml loading functionality of ansible-vault before 1.0.5. A specially crafted vault can execute arbitrary python commands resulting in command execution. An attacker can insert python into the vault to trigger this vulnerability.

Ссылки

http://www.securityfocus.com/bid/100824
Third Party Advisory
VDB Entry
https://github.com/tomoh1r/ansible-vault/blob/v1.0.5/CHANGES.txt
Third Party Advisory
https://github.com/tomoh1r/ansible-vault/commit/3f8f659ef443ab870bb19f95d43543470168ae04
Third Party Advisory
https://github.com/tomoh1r/ansible-vault/issues/4
Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0305
Exploit
Third Party Advisory
http://www.securityfocus.com/bid/100824
Third Party Advisory
VDB Entry
https://github.com/tomoh1r/ansible-vault/blob/v1.0.5/CHANGES.txt
Third Party Advisory
https://github.com/tomoh1r/ansible-vault/commit/3f8f659ef443ab870bb19f95d43543470168ae04
Third Party Advisory
https://github.com/tomoh1r/ansible-vault/issues/4
Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0305
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ansible-vault_project:ansible-vault:*:*:*:*:*:*:*:*

Версия до 1.0.4 (включая)

EPSS

Процентиль: 71%

0.00664

Низкий

7.5 High

CVSS3

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-c2w9-48qc-qpj4

CVSS3: 7.8

github

больше 7 лет назад

Code injection in ansible

EPSS

Процентиль: 71%

0.00664

Низкий

7.5 High

CVSS3

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-94