CVE-2024-11079

Dec. 4, 2024, 2:15 a.m.

5.5
Medium

Description

A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks.

Product(s) Impacted

Product Versions
Ansible-Core

Weaknesses

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

https://access.redhat.com/errata/RHSA-2024:10770
https://access.redhat.com/security/cve/CVE-2024-11079
https://bugzilla.redhat.com/show_bug.cgi?id=2325171

Tags

secalert@redhat.com
CWE-20
2024-11-12
CVE-2024-11079

CVSS Score

5.5 / 10

CVSS Data

  • Attack Vector: NETWORK
  • Attack Complexity: HIGH
  • Privileges Required: LOW
  • Scope: CHANGED
  • Confidentiality Impact: LOW
  • Integrity Impact: LOW
  • Availability Impact: LOW
    • View Vector String

    CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L

Date

  • Published: Nov. 12, 2024, 12:15 a.m.
  • Last Modified: Dec. 4, 2024, 2:15 a.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

secalert@redhat.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.