Description
A flaw was found in Ansible: when running an ad-hoc command, inventory variables are loaded from the current working directory, which may be under an attacker's control, allowing arbitrary code to be run as a result.
Report
Red Hat Gluster Storage 3 and Red Hat Ceph Storage 3 ship the affected version of ansible, but they no longer maintain their own version of ansible. Both products will consume fixes directly from the ansible repository.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| CloudForms Management Engine 5 | ansible | Not affected | ||
| Red Hat Ceph Storage 2 | ansible | Affected | ||
| Red Hat Ceph Storage 3 | ansible | Affected | ||
| Red Hat OpenShift Enterprise 3 | ansible | Will not fix | ||
| Red Hat OpenStack Platform 14 (Rocky) | ansible | Not affected | ||
| Red Hat Satellite 6 | ansible | Not affected | ||
| Red Hat Storage 3 | ansible | Affected | ||
| Red Hat Ansible Engine 2.4 for RHEL 7 | ansible | Fixed | RHSA-2018:2152 | 10.07.2018 |
| Red Hat Ansible Engine 2.5 for RHEL 7 | ansible | Fixed | RHSA-2018:2150 | 10.07.2018 |
| Red Hat Ansible Engine 2.6 for RHEL 7 | ansible | Fixed | RHSA-2018:2166 | 10.07.2018 |
Additional information
Status:
7.8 High
CVSS3
Related vulnerabilities
Ansible Improper Input Validation vulnerability
A vulnerability in the Ansible configuration management system, related to insufficient validation of input data, allowing an attacker to execute arbitrary code
7.8 High
CVSS3