Описание
In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | released | 2.5.1+dfsg-1ubuntu0.1 |
| cosmic | not-affected | 2.6.1+dfsg-1 |
| devel | not-affected | 2.6.1+dfsg-1 |
| disco | not-affected | 2.6.1+dfsg-1 |
| eoan | not-affected | 2.6.1+dfsg-1 |
| esm-apps/bionic | released | 2.5.1+dfsg-1ubuntu0.1 |
| esm-apps/focal | not-affected | 2.6.1+dfsg-1 |
| esm-apps/jammy | not-affected | 2.6.1+dfsg-1 |
| esm-apps/noble | not-affected | 2.6.1+dfsg-1 |
Показывать по
4.6 Medium
CVSS2
7.8 High
CVSS3
Связанные уязвимости
In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result.
In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result.
In ansible it was found that inventory variables are loaded from curre ...
Ansible Improper Input Validation vulnerability
Уязвимость системы управления конфигурациями Ansible, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю выполнить произвольный код
4.6 Medium
CVSS2
7.8 High
CVSS3