First published: Thu Nov 02 2023(Updated: )
A flaw was found in Ansible, where a user's controller is vulnerable to template injection when internal templating operations may errantly remove the unsafe designation from template data.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
pip/ansible-core | <2.14.12 | 2.14.12 |
pip/ansible-core | >=2.15.0<2.15.8 | 2.15.8 |
pip/ansible-core | >=2.16.0<2.16.1 | 2.16.1 |
Redhat Ansible | <2.14.12 | |
Redhat Ansible | >=2.15.0<2.15.7 | |
Redhat Ansible | =2.16.0 | |
Redhat Ansible | =2.16.0-beta1 | |
Redhat Ansible | =2.16.0-beta2 | |
Redhat Ansible | =2.16.0-rc1 | |
Fedoraproject Extra Packages For Enterprise Linux | =8.0 | |
Fedoraproject Fedora | =38 | |
Fedoraproject Fedora | =39 | |
All of | ||
Any of | ||
Redhat Ansible Automation Platform | =2.4 | |
Redhat Ansible Developer | =1.1 | |
Redhat Ansible Inside | =1.2 | |
Any of | ||
Redhat Enterprise Linux | =8.0 | |
Redhat Enterprise Linux | =9.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.