gsd-2023-5764
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce code injection when supplying templating data.
Aliases
Aliases



{
  "GSD": {
    "alias": "CVE-2023-5764",
    "id": "GSD-2023-5764"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-5764"
      ],
      "details": "A template injection flaw was found in Ansible where a user\u0027s controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce code injection when supplying templating data.",
      "id": "GSD-2023-5764",
      "modified": "2023-12-13T01:20:50.796904Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2023-5764",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "lessThan": "*",
                                "status": "unaffected",
                                "version": "1:2.15.8-1.el8ap",
                                "versionType": "rpm"
                              }
                            ]
                          }
                        },
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "lessThan": "*",
                                "status": "unaffected",
                                "version": "1:2.15.8-1.el8ap",
                                "versionType": "rpm"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "lessThan": "*",
                                "status": "unaffected",
                                "version": "1:2.15.8-1.el9ap",
                                "versionType": "rpm"
                              }
                            ]
                          }
                        },
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "lessThan": "*",
                                "status": "unaffected",
                                "version": "1:2.15.8-1.el9ap",
                                "versionType": "rpm"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Red Hat"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A template injection flaw was found in Ansible where a user\u0027s controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-1336",
                "lang": "eng",
                "value": "Improper Neutralization of Special Elements Used in a Template Engine"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://access.redhat.com/errata/RHSA-2023:7773",
            "refsource": "MISC",
            "url": "https://access.redhat.com/errata/RHSA-2023:7773"
          },
          {
            "name": "https://access.redhat.com/security/cve/CVE-2023-5764",
            "refsource": "MISC",
            "url": "https://access.redhat.com/security/cve/CVE-2023-5764"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2247629",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247629"
          },
          {
            "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X7Q6CHPVCHMZS5M7V22GOKFSXZAQ24EU/",
            "refsource": "MISC",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X7Q6CHPVCHMZS5M7V22GOKFSXZAQ24EU/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "5995DC14-0DBB-4784-B57D-21F850D4CE63",
                    "versionEndExcluding": "2.14.12",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "4212FD6E-7D15-403C-9B4B-48F348F18501",
                    "versionEndExcluding": "2.15.7",
                    "versionStartIncluding": "2.15.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:redhat:ansible:2.16.0:-:*:*:*:*:*:*",
                    "matchCriteriaId": "D717EC3B-C9C9-49C5-B64B-58A46A6A99B4",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:redhat:ansible:2.16.0:beta1:*:*:*:*:*:*",
                    "matchCriteriaId": "B01E3989-78A3-4CD3-9F6B-CD5AF3559365",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:redhat:ansible:2.16.0:beta2:*:*:*:*:*:*",
                    "matchCriteriaId": "D109D9B1-B465-4708-BC0C-134AF8D81BB9",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:redhat:ansible:2.16.0:rc1:*:*:*:*:*:*",
                    "matchCriteriaId": "90BA6AD3-1627-46DA-9972-96A567EC17A1",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "BB176AC3-3CDA-4DDA-9089-C67B2F73AA62",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
                    "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
                    "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:redhat:ansible_automation_platform:2.4:*:*:*:*:*:*:*",
                    "matchCriteriaId": "05986E3C-7E5B-45C1-81B0-9D856A8FF1CC",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:redhat:ansible_developer:1.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "CEE40363-D286-4EB7-80D2-17CF3B606AD6",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:redhat:ansible_inside:1.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "897AB7AC-52B1-4335-97D5-D5EA2FF09CC6",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
                    "vulnerable": false
                  },
                  {
                    "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "A template injection flaw was found in Ansible where a user\u0027s controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data."
          },
          {
            "lang": "es",
            "value": "Se encontr\u00f3 una falla de inyecci\u00f3n de plantilla en Ansible donde las operaciones de creaci\u00f3n de plantillas internas del controlador de un usuario pueden eliminar la designaci\u00f3n insegura de los datos de la plantilla. Este problema podr\u00eda permitir que un atacante utilice un archivo especialmente manipulado para introducir la inyecci\u00f3n de c\u00f3digo al proporcionar datos de plantillas."
          }
        ],
        "id": "CVE-2023-5764",
        "lastModified": "2024-04-25T16:15:08.903",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 1.8,
              "impactScore": 5.9,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 1.8,
              "impactScore": 5.2,
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2023-12-12T22:15:22.747",
        "references": [
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2023:7773"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-5764"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Issue Tracking",
              "Patch",
              "Vendor Advisory"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247629"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X7Q6CHPVCHMZS5M7V22GOKFSXZAQ24EU/"
          }
        ],
        "sourceIdentifier": "secalert@redhat.com",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "NVD-CWE-Other"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-1336"
              }
            ],
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.