CVE-2021-4041

Опубликовано: 01 дек. 2021

Источник: redhat

CVSS3: 7.3

Описание

A flaw was found in ansible-runner. An improper escaping of the shell command, while calling the ansible_runner.interface.run_command, can lead to parameters getting executed as host's shell command. A developer could unintentionally write code that gets executed in the host rather than the virtual environment.

Отчет

Satellite 6.12 and later versions are not affected by this flaw.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
CloudForms Management Engine 5	ansible-runner	Out of support scope
Red Hat Ceph Storage 4	ansible-runner	Affected
Red Hat OpenShift Container Platform 4	ansible-runner	Not affected
Red Hat OpenStack Platform 13 (Queens)	python-ansible-runner	Out of support scope
Red Hat OpenStack Platform 16.1	python-ansible-runner	Will not fix
Red Hat OpenStack Platform 16.2	python-ansible-runner	Will not fix
Red Hat OpenStack Platform 17.0	python-ansible-runner	Will not fix
Red Hat Satellite 6	ansible-runner	Affected
Red Hat Virtualization 4	ansible-runner	Not affected
Red Hat Ansible Automation Platform 2.0 for RHEL 8	ansible-runner	Fixed	RHSA-2022:0108	11.01.2022

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-20

https://bugzilla.redhat.com/show_bug.cgi?id=2028074Ansible: Improper shell escaping in ansible-runner

7.3 High

CVSS3

Связанные уязвимости

CVE-2021-4041

CVSS3: 7.8

ubuntu

больше 3 лет назад

CVE-2021-4041

CVSS3: 7.8

nvd

больше 3 лет назад

CVE-2021-4041

CVSS3: 7.8

debian

больше 3 лет назад

A flaw was found in ansible-runner. An improper escaping of the shell ...

GHSA-6j58-grhv-2769

CVSS3: 7.8

github

больше 3 лет назад

ansible-runner vulnerable to shell command injection

7.3 High

CVSS3