Published: 12/12/2023 Updated: 25/04/2024

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 0

A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an malicious user to use a specially crafted file to introduce templating injection when supplying templating data.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat ansible 2.16.0
redhat ansible
fedoraproject extra packages for enterprise linux 8.0
fedoraproject fedora 38
fedoraproject fedora 39
redhat ansible_automation_platform 2.4
redhat ansible_developer 1.1
redhat ansible_inside 1.2

Synopsis Moderate: Red Hat Ansible Automation Platform 24 Product Security and Bug Fix Update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update is now available for Red Hat Ansible Automation Platform 24Red Hat P ...

Debian Bug report logs - #1057427 ansible-core: CVE-2023-5764: internal templating can cause unsafe variables to lose their unsafe designation Package: src:ansible-core; Maintainer for src:ansible-core is Lee Garrett <debian@rocketjumpeu>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 4 Dec 2023 2 ...

NVD-CWE-Other https://access.redhat.com/security/cve/CVE-2023-5764 https://bugzilla.redhat.com/show_bug.cgi?id=2247629 https://access.redhat.com/errata/RHSA-2023:7773 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X7Q6CHPVCHMZS5M7V22GOKFSXZAQ24EU/https://access.redhat.com/errata/RHSA-2023:7773 https://nvd.nist.gov

CVE-2023-5764

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect