Описание
Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a trailing " temp=" clause, or (3) a trailing " validate=" clause accompanied by a shell command.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 2.5.1+dfsg-1 |
| cosmic | not-affected | 2.6.1+dfsg-1 |
| devel | not-affected | 2.6.1+dfsg-1 |
| disco | not-affected | 2.6.1+dfsg-1 |
| eoan | not-affected | 2.6.1+dfsg-1 |
| esm-apps/bionic | not-affected | 2.5.1+dfsg-1 |
| esm-apps/focal | not-affected | 2.6.1+dfsg-1 |
| esm-apps/jammy | not-affected | 2.6.1+dfsg-1 |
| esm-apps/xenial | not-affected | 2.0.0.2-2ubuntu1 |
Показывать по
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a trailing " temp=" clause, or (3) a trailing " validate=" clause accompanied by a shell command.
Multiple argument injection vulnerabilities in Ansible before 1.6.7 al ...
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3