CVE-2023-5764

CWE-133611 documents9 sources

Severity

7.8HIGH

EPSS

0.1%

top 78.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Ansible Fedoraproject Extra Packages FOR Enterprise Linux Fedoraproject Fedora +3 more

Timeline

PublishedDec 12

Latest updateJul 15

Description

A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 1.8 | Impact: 5.2

Affected Packages8 packages

▶PyPIansible-core2.16.0 — 2.16.1+2

▶NVDredhat/ansible2.15.0 — 2.15.7+2

▶Debianansible< 2.10.7+merged+base+2.10.17+dfsg-0+deb11u1+3

▶Debianansible-core< 2.14.16-0+deb12u1+2

▶NVDredhat/ansible_inside1.2

Also affects: Fedora 38, 39

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

OSV

ansible vulnerabilities↗2024-06-25

▶

OSV

Ansible template injection vulnerability↗2023-12-13

▶

GHSA

Ansible template injection vulnerability↗2023-12-13

▶

CVEList

Ansible: template injection↗2023-12-12

▶

OSV

CVE-2023-5764: A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from templat↗2023-12-12

▶

📋Vendor Advisories

Oracle

Oracle Oracle Siebel CRM Risk Matrix: Siebel Cloud Manager (Ansible) — CVE-2023-5764↗2024-07-15

▶

Ubuntu

Ansible vulnerabilities↗2024-06-25

▶

Microsoft

Ansible: template injection↗2023-12-12

▶

Red Hat

ansible: Template Injection↗2023-11-02

▶

Debian

CVE-2023-5764: ansible - A template injection flaw was found in Ansible where a user's controller interna...↗2023

▶