CVE-2021-3583

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-3583

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3583.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-3583

Aliases

Related

Published

2021-09-22T12:15:07Z

Modified

2025-02-19T03:19:37.757555Z

Severity

7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity.

References

Affected packages

Debian:11 / ansible

Package

Name: ansible
Purl: pkg:deb/debian/ansible?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.10.7+merged+base+2.10.17+dfsg-0+deb11u1

Affected versions

2.*

2.10.7+merged+base+2.10.8+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / ansible

Package

Name: ansible
Purl: pkg:deb/debian/ansible?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.4.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / ansible

Package

Name: ansible
Purl: pkg:deb/debian/ansible?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.4.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / ansible-core

Package

Name: ansible-core
Purl: pkg:deb/debian/ansible-core?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.12.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / ansible-core

Package

Name: ansible-core
Purl: pkg:deb/debian/ansible-core?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.12.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/ansible/ansible

Affected ranges

Type: GIT
Repo: https://github.com/ansible/ansible
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

8016c034da1140fe09f7db626124ebe04a27557a

Affected versions

0.*

0.0.1

0.0.2

0.01

0.3

0.7

stable-2.*

stable-2.9-branchpoint

v1.*

v1.0

v1.1

v1.2

v1.4.0

v1.5.0

v1.5.1

v1.6.0

Other

v1_last

v2.*

v2.0.0-0.1.alpha1

v2.0.0-0.2.alpha2

v2.0.0-0.3.beta1

v2.0.0-0.4.beta2

v2.0.0-0.5.beta3

v2.6.0a1

v2.7.0.a1

v2.8.0a1

v2.9.0

v2.9.0b1

v2.9.0rc1

v2.9.0rc2

v2.9.0rc3

v2.9.0rc4

v2.9.0rc5

v2.9.1

v2.9.10

v2.9.11

v2.9.12

v2.9.13

v2.9.14

v2.9.14rc1

v2.9.15

v2.9.15rc1

v2.9.16

v2.9.16rc1

v2.9.17

v2.9.17rc1

v2.9.18

v2.9.18rc1

v2.9.19

v2.9.19rc1

v2.9.2

v2.9.20

v2.9.20rc1

v2.9.21

v2.9.21rc1

v2.9.22

v2.9.22rc1

v2.9.23rc1

v2.9.3

v2.9.4

v2.9.5

v2.9.6

v2.9.7

v2.9.8

v2.9.9