CVE-2023-5764

Updated: 2024-01-11 10:09:18.371651

Description:

A template injection flaw was found in Ansible where internal templating operations on a user's controller may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce code injection when supplying templating data.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | | 0 |
| CVSS Version 3.x | HIGH | 7.8 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| CentOS 6 ELS | ansible | 2.6.20 | 7.8 | HIGH | Needs Triage | | 2024-01-30 10:10:01 |
| CloudLinux 6 ELS | ansible | 2.6.20 | 7.8 | HIGH | Needs Triage | | 2024-01-30 10:10:01 |
| Oracle Linux 6 ELS | ansible | 2.6.20 | 7.8 | HIGH | Needs Triage | | 2024-01-30 10:10:01 |
| Ubuntu 16.04 ELS | ansible | 2.0.0.2 | 7.8 | HIGH | Ignored | | 2024-01-11 10:09:18 |
| Ubuntu 18.04 ELS | ansible | 2.5.1 | 7.8 | HIGH | Needs Triage | | 2024-01-30 10:10:01 |

Statement

Will not fix: the fix would require a large block of changes because of the huge difference between upstream and version 2.0.0.2 of Ansible. Additionally, the absence of a test suite makes it impossible to guarantee the correctness of the changes.