CVE-2023-5764

Опубликовано: 12 дек. 2023

Источник: nvd

CVSS3: 7.1

CVSS3: 7.8

EPSS Низкий

Описание

A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data.

Ссылки

https://access.redhat.com/errata/RHSA-2023:7773
Vendor Advisory
https://access.redhat.com/security/cve/CVE-2023-5764
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2247629
Issue Tracking
Patch
Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:7773
Vendor Advisory
https://access.redhat.com/security/cve/CVE-2023-5764
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2247629
Issue Tracking
Patch
Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X7Q6CHPVCHMZS5M7V22GOKFSXZAQ24EU/
https://security.netapp.com/advisory/ntap-20241025-0001/

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*

Версия до 2.14.12 (исключая)

cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*

Версия от 2.15.0 (включая) до 2.15.7 (исключая)

cpe:2.3:a:redhat:ansible:2.16.0:-:*:*:*:*:*:*

cpe:2.3:a:redhat:ansible:2.16.0:beta1:*:*:*:*:*:*

cpe:2.3:a:redhat:ansible:2.16.0:beta2:*:*:*:*:*:*

cpe:2.3:a:redhat:ansible:2.16.0:rc1:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

Одно из

cpe:2.3:a:redhat:ansible_automation_platform:2.4:*:*:*:*:*:*:*

cpe:2.3:a:redhat:ansible_developer:1.1:*:*:*:*:*:*:*

cpe:2.3:a:redhat:ansible_inside:1.2:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 22%

0.00071

Низкий

7.1 High

CVSS3

7.8 High

CVSS3

Дефекты

CWE-1336

NVD-CWE-Other

Связанные уязвимости

CVE-2023-5764

CVSS3: 7.1

ubuntu

около 2 лет назад

CVE-2023-5764

CVSS3: 7.1

redhat

больше 2 лет назад

CVE-2023-5764

CVSS3: 7.8

msrc

около 2 лет назад

Описание отсутствует

CVE-2023-5764

CVSS3: 7.1

debian

около 2 лет назад

A template injection flaw was found in Ansible where a user's controll ...

GHSA-7j69-qfc3-2fq9

CVSS3: 6.6

github

около 2 лет назад

Ansible template injection vulnerability

EPSS

Процентиль: 22%

0.00071

Низкий

7.1 High

CVSS3

7.8 High

CVSS3

Дефекты

CWE-1336

NVD-CWE-Other