GHSA-7j69-qfc3-2fq9
Suggest an improvement- Source
- https://github.com/advisories/GHSA-7j69-qfc3-2fq9
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/12/GHSA-7j69-qfc3-2fq9/GHSA-7j69-qfc3-2fq9.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-7j69-qfc3-2fq9
- Aliases
- Published
- 2023-12-13T00:30:37Z
- Modified
- 2024-09-16T21:21:58.520139Z
- Severity
-
- 6.6 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N CVSS Calculator
- Summary
- Ansible template injection vulnerability
- Details
-
A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data.
- Database specific
{ "github_reviewed": true, "cwe_ids": [ "CWE-1336" ], "github_reviewed_at": "2023-12-20T20:30:30Z", "nvd_published_at": "2023-12-12T22:15:22Z", "severity": "MODERATE" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2023-5764
- https://github.com/ansible/ansible/commit/270b39f6ff02511a2199505161218cbd1a5ae34f
- https://github.com/ansible/ansible/commit/7239d2d371bc6e274cbb7314e01431adce6ae25a
- https://github.com/ansible/ansible/commit/fea130480d261ea5bf6fcd5cf19a348f1686ceb1
- https://access.redhat.com/errata/RHSA-2023:7773
- https://access.redhat.com/security/cve/CVE-2023-5764
- https://bugzilla.redhat.com/show_bug.cgi?id=2247629
- https://github.com/ansible/ansible
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X7Q6CHPVCHMZS5M7V22GOKFSXZAQ24EU
Affected packages
PyPI / ansible-core
Package
- Name
- ansible-core
- View open source insights on deps.dev
- Purl
- pkg:pypi/ansible-core
PyPI / ansible-core
Package
- Name
- ansible-core
- View open source insights on deps.dev
- Purl
- pkg:pypi/ansible-core
PyPI / ansible-core
Package
- Name
- ansible-core
- View open source insights on deps.dev
- Purl
- pkg:pypi/ansible-core
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.14.12
Affected versions
0.*
0.0.1a1
2.*
2.11.0b1
2.11.0b2
2.11.0b3
2.11.0b4
2.11.0rc1
2.11.0rc2
2.11.0
2.11.1rc1
2.11.1
2.11.2rc1
2.11.2
2.11.3rc1
2.11.3
2.11.4rc1
2.11.4
2.11.5rc1
2.11.5
2.11.6rc1
2.11.6
2.11.7rc1
2.11.7
2.11.8rc1
2.11.8
2.11.9rc1
2.11.9
2.11.10rc1
2.11.10
2.11.11rc1
2.11.11
2.11.12rc1
2.11.12
2.12.0b1
2.12.0b2
2.12.0rc1
2.12.0
2.12.1rc1
2.12.1
2.12.2rc1
2.12.2
2.12.3rc1
2.12.3
2.12.4rc1
2.12.4
2.12.5rc1
2.12.5
2.12.6rc1
2.12.6
2.12.7rc1
2.12.7
2.12.8rc1
2.12.8
2.12.9rc1
2.12.9
2.12.10rc1
2.12.10
2.13.0b0
2.13.0b1
2.13.0rc1
2.13.0
2.13.1rc1
2.13.1
2.13.2rc1
2.13.2
2.13.3rc1
2.13.3
2.13.4rc1
2.13.4
2.13.5rc1
2.13.5
2.13.6rc1
2.13.6
2.13.7rc1
2.13.7
2.13.8rc1
2.13.8
2.13.9rc1
2.13.9
2.13.10rc1
2.13.10
2.13.11rc1
2.13.11
2.13.12rc1
2.13.12
2.13.13rc1
2.13.13
2.14.0b1
2.14.0b2
2.14.0b3
2.14.0rc1
2.14.0rc1.post0
2.14.0rc2
2.14.0
2.14.1rc1
2.14.1
2.14.2rc1
2.14.2
2.14.3rc1
2.14.3
2.14.4rc1
2.14.4
2.14.5rc1
2.14.5
2.14.6rc1
2.14.6
2.14.7rc1
2.14.7
2.14.8rc1
2.14.8
2.14.9rc1
2.14.9
2.14.10rc1
2.14.10
2.14.11rc1
2.14.11
2.14.12rc1