CVE-2021-4041

Опубликовано: 24 авг. 2022

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

A flaw was found in ansible-runner. An improper escaping of the shell command, while calling the ansible_runner.interface.run_command, can lead to parameters getting executed as host's shell command. A developer could unintentionally write code that gets executed in the host rather than the virtual environment.

Ссылки

https://access.redhat.com/security/cve/CVE-2021-4041
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2028074
Issue Tracking
Patch
Vendor Advisory
https://github.com/ansible/ansible-runner/commit/3533f265f4349a3f2a0283158cd01b59a6bbc7bd
Patch
Third Party Advisory
https://access.redhat.com/security/cve/CVE-2021-4041
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2028074
Issue Tracking
Patch
Vendor Advisory
https://github.com/ansible/ansible-runner/commit/3533f265f4349a3f2a0283158cd01b59a6bbc7bd
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:redhat:ansible_runner:*:*:*:*:*:*:*:*

Версия до 2.1.0 (исключая)

cpe:2.3:a:redhat:ansible_runner:2.1.0:alpha1:*:*:*:*:*:*

cpe:2.3:a:redhat:ansible_runner:2.1.0:alpha2:*:*:*:*:*:*

cpe:2.3:a:redhat:ansible_runner:2.1.0:beta1:*:*:*:*:*:*

EPSS

Процентиль: 20%

0.00063

Низкий

7.8 High

CVSS3

Дефекты

CWE-20

CWE-116

Связанные уязвимости

CVE-2021-4041

CVSS3: 7.8

ubuntu

больше 3 лет назад

CVE-2021-4041

CVSS3: 7.3

redhat

около 4 лет назад

CVE-2021-4041

CVSS3: 7.8

debian

больше 3 лет назад

A flaw was found in ansible-runner. An improper escaping of the shell ...

GHSA-6j58-grhv-2769

CVSS3: 7.8

github

больше 3 лет назад

ansible-runner vulnerable to shell command injection

EPSS

Процентиль: 20%

0.00063

Низкий

7.8 High

CVSS3

Дефекты

CWE-20

CWE-116