Ansible-Core Vulnerability Allows Bypass of Unsafe Content Protections
CVE-2024-11079
5.5MEDIUM
Key Information
- Vendor
- Red Hat
- Status
- Red Hat Ansible Automation Platform 2
- Red Hat Enterprise Linux Ai (rhel Ai)
- Vendor
- CVE Published:
- 12 November 2024
Summary
A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks.
References
CVSS V3.1
Score:
5.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Collectors
NVD DatabaseMitre Database