Ansible-Core Vulnerability Allows Bypass of Unsafe Content Protections

CVE-2024-11079

5.5MEDIUM

Key Information

Vendor: Red Hat
Status: Red Hat Ansible Automation Platform 2; Red Hat Enterprise Linux Ai (rhel Ai)
Vendor: CVE Published:; 12 November 2024

Summary

A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks.

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published.
Nov 12, 2024
Reported to Red Hat.
Nov 11, 2024

Collectors

NVD DatabaseMitre Database