Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS03ajY5LXFmYzMtMmZxOc4AA3tj
Ansible template injection vulnerability
A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data.
Permalink: https://github.com/advisories/GHSA-7j69-qfc3-2fq9JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03ajY5LXFmYzMtMmZxOc4AA3tj
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 1 year ago
Updated: 3 months ago
CVSS Score: 6.6
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
EPSS Percentage: 0.00042
EPSS Percentile: 0.05089
Identifiers: GHSA-7j69-qfc3-2fq9, CVE-2023-5764
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-5764
- https://access.redhat.com/security/cve/CVE-2023-5764
- https://bugzilla.redhat.com/show_bug.cgi?id=2247629
- https://access.redhat.com/errata/RHSA-2023:7773
- https://github.com/ansible/ansible/commit/270b39f6ff02511a2199505161218cbd1a5ae34f
- https://github.com/ansible/ansible/commit/7239d2d371bc6e274cbb7314e01431adce6ae25a
- https://github.com/ansible/ansible/commit/fea130480d261ea5bf6fcd5cf19a348f1686ceb1
- https://lists.fedoraproject.org/archives/list/[email protected]/message/X7Q6CHPVCHMZS5M7V22GOKFSXZAQ24EU
- https://github.com/advisories/GHSA-7j69-qfc3-2fq9
Blast Radius: 22.0
Affected Packages
pypi:ansible-core
Dependent packages: 53Dependent repositories: 2,140
Downloads: 7,085,445 last month
Affected Version Ranges: < 2.14.12, >= 2.15.0, < 2.15.8, >= 2.16.0, < 2.16.1
Fixed in: 2.14.12, 2.15.8, 2.16.1
All affected versions: 2.11.0, 2.11.1, 2.11.2, 2.11.3, 2.11.4, 2.11.5, 2.11.6, 2.11.7, 2.11.8, 2.11.9, 2.11.10, 2.11.11, 2.11.12, 2.12.0, 2.12.1, 2.12.2, 2.12.3, 2.12.4, 2.12.5, 2.12.6, 2.12.7, 2.12.8, 2.12.9, 2.12.10, 2.13.0, 2.13.1, 2.13.2, 2.13.3, 2.13.4, 2.13.5, 2.13.6, 2.13.7, 2.13.8, 2.13.9, 2.13.10, 2.13.11, 2.13.12, 2.13.13, 2.14.0, 2.14.1, 2.14.2, 2.14.3, 2.14.4, 2.14.5, 2.14.6, 2.14.7, 2.14.8, 2.14.9, 2.14.10, 2.14.11, 2.15.0, 2.15.1, 2.15.2, 2.15.3, 2.15.4, 2.15.5, 2.15.6, 2.15.7, 2.16.0
All unaffected versions: 2.14.12, 2.14.13, 2.14.14, 2.14.15, 2.14.16, 2.14.17, 2.14.18, 2.15.8, 2.15.9, 2.15.10, 2.15.11, 2.15.12, 2.15.13, 2.16.1, 2.16.2, 2.16.3, 2.16.4, 2.16.5, 2.16.6, 2.16.7, 2.16.8, 2.16.9, 2.16.10, 2.16.11, 2.16.12, 2.16.13, 2.16.14, 2.17.0, 2.17.1, 2.17.2, 2.17.3, 2.17.4, 2.17.5, 2.17.6, 2.17.7, 2.18.0, 2.18.1