Ansible-Core Vulnerability Allows Bypass of Unsafe Content Protections

CVE-2024-11079

5.5MEDIUM

Key Information

Vendor
Red Hat
Status
Red Hat Ansible Automation Platform 2
Red Hat Enterprise Linux Ai (rhel Ai)
Vendor
CVE Published:
12 November 2024

Summary

A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks.

References

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

Collectors

NVD DatabaseMitre Database
.