CVE-2024-11079

Sažetak

A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks.

Reference

https://access.redhat.com/errata/RHSA-2024:10770
https://access.redhat.com/security/cve/CVE-2024-11079
https://bugzilla.redhat.com/show_bug.cgi?id=2325171

CVSS

Base:	5.5
Impact:	3.7
Exploitability:	1.3

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	LOW	LOW

CVSS vektor

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L

Zadnje važnije ažuriranje

04-12-2024 - 02:15

Objavljeno

12-11-2024 - 00:15