Main Vulnerability Database Vulnerabilities #VU101827

#VU101827 Security features bypass in Ansible - CVE-2024-11079

Published: December 18, 2024

Vulnerability identifier: #VU101827

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2024-11079

CWE-ID: CWE-254

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Ansible

Software vendor:
Red Hat Inc.

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to application allows to use hostvars object to reference and execute templated content. A remote user can bypass unsafe content protections and execute arbitrary code if remote data or module outputs are improperly templated within playbooks.

Remediation

Install updates from vendor's website.

External links

https://access.redhat.com/errata/RHSA-2024:10770
https://access.redhat.com/errata/RHSA-2024:11145
https://access.redhat.com/security/cve/CVE-2024-11079
https://bugzilla.redhat.com/show_bug.cgi?id=2325171

#VU101827 Security features bypass in Ansible - CVE-2024-11079

Description

Remediation

External links

Please verify you're human