Description
In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.
A flaw was found in Pallets Jinja prior to version 2.8.1 that allows a sandbox escape. Python's string format method, which is available on every string, can be used from a template to discover potentially dangerous values, including configuration values. The highest threat from this vulnerability is to data confidentiality and integrity as well as system integrity.
Statement
- Red Hat OpenStack Platform is not affected by this flaw. All supported versions ship python-jinja2 packages which have already been fixed.
- Red Hat Satellite 6 will receive fixes through the underlying Red Hat Enterprise Linux, so it will not issue updates to its own affected package.
- Red Hat Update Infrastructure is not affected because its packaged versions of python-jinja2 do not use the Sandbox feature, nor does it allow untrusted jinja2 templates.
- Red Hat Virtualization Management Appliance includes python-jinja2 as a dependency of ovirt-engine-backend, which only uses it with controlled format strings that are not exploitable.
- Red Hat Ceph Storage 2 and 3 are affected by this flaw, as they contain the vulnerable code; they will receive security fixes for python-jinja2 from the Red Hat Enterprise Linux 7 channel.
Mitigation
If you do not want to or cannot upgrade Jinja2, you can override the is_safe_attribute method on the sandboxed environment and explicitly disallow all format attributes on strings.
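The override described above, written out as an added example that is not part of the advisory or of the Jinja2 project: it subclasses Jinja2's SandboxedEnvironment (the jinja2 package is assumed to be importable), refuses the format and format_map attributes on any str, and leaves the rest of the stock sandbox policy untouched. The names NoStrFormatSandbox, render_untrusted and Config, and the template strings, are constructed for this illustration.

```python
# Added example (not from the advisory): deny str.format / str.format_map
# inside a Jinja2 sandbox by overriding is_safe_attribute, the workaround the
# advisory describes for deployments that cannot upgrade past Jinja 2.8.1.
# Assumes the jinja2 package is installed; templates below are constructed.
from jinja2.exceptions import SecurityError
from jinja2.sandbox import SandboxedEnvironment

# The two str attributes that hand a template author a format-string engine.
DENIED_STR_ATTRS = frozenset({"format", "format_map"})


class NoStrFormatSandbox(SandboxedEnvironment):
    """Sandbox that refuses attribute access to str.format and str.format_map."""

    def is_safe_attribute(self, obj, attr, value):
        # Reject the format methods on any str (including str subclasses).
        # The sandbox then returns an unsafe Undefined instead of the bound
        # method, and calling it raises SecurityError before str.format runs.
        if isinstance(obj, str) and attr in DENIED_STR_ATTRS:
            return False
        # Everything else falls through to the stock sandbox policy
        # (no underscore-prefixed or internal attributes).
        return super().is_safe_attribute(obj, attr, value)


def render_untrusted(template_source, **variables):
    """Render an untrusted template; returns (ok, output_or_error_message)."""
    env = NoStrFormatSandbox()
    try:
        return True, env.from_string(template_source).render(**variables)
    except SecurityError as exc:
        return False, str(exc)


class Config:
    """Constructed stand-in for an object that carries a sensitive value."""

    secret = "constructed-secret-value"


if __name__ == "__main__":
    # Ordinary interpolation keeps working.
    print(render_untrusted("Hello {{ user }}", user="alice"))
    # A template that reaches for str.format is refused at attribute lookup,
    # so the format string is never evaluated against the passed object.
    print(render_untrusted("{{ '{0.secret}'.format(cfg) }}", cfg=Config()))
```

The denial happens when the template looks up the attribute, so no user-controlled format string is ever parsed; the trade-off is that benign uses of format in templates raise SecurityError as well. Upgrading to Jinja 2.8.1 or later remains the proper fix, since that release sandboxes str.format itself instead of removing it.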
Affected packages
| Platform | Package | State | Errata | Release |
|---|---|---|---|---|
| Red Hat Ceph Storage 2 | python-jinja2 | Will not fix | ||
| Red Hat Ceph Storage 3 | python-jinja2 | Will not fix | ||
| Red Hat Enterprise Linux 6 | python-jinja2 | Will not fix | ||
| Red Hat Enterprise Linux 8 | python27:2.7/python-jinja2 | Not affected | ||
| Red Hat Enterprise Linux 8 | python-jinja2 | Not affected | ||
| Red Hat OpenStack Platform 13 (Queens) | python-jinja2 | Not affected | ||
| Red Hat OpenStack Platform 14 (Rocky) | python-jinja2 | Not affected | ||
| Red Hat OpenStack Platform 15 (Stein) | python-jinja2 | Not affected | ||
| Red Hat Software Collections | rh-python36-python-jinja2 | Not affected | ||
| Red Hat Storage 3 | python-jinja2 | Affected | | |
Additional information
Status: Important
Defect: CWE-138
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1698345 (python-jinja2: Sandbox escape due to information disclosure via str.format)
EPSS: 0.01022 (percentile 77%), Low
CVSS3: 9 Critical