CVE-2023-5764

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-5764

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-5764.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-5764

Aliases

GHSA-7j69-qfc3-2fq9

Related

Published

2023-12-12T22:15:22Z

Modified

2025-02-19T03:35:39.412903Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data.

References

Affected packages

Debian:11 / ansible

Package

Name: ansible
Purl: pkg:deb/debian/ansible?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.10.7+merged+base+2.10.17+dfsg-0+deb11u1

Affected versions

2.*

2.10.7+merged+base+2.10.8+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / ansible

Package

Name: ansible
Purl: pkg:deb/debian/ansible?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.4.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / ansible

Package

Name: ansible
Purl: pkg:deb/debian/ansible?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.4.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / ansible-core

Package

Name: ansible-core
Purl: pkg:deb/debian/ansible-core?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.14.16-0+deb12u1

Affected versions

2.*

2.14.3-1

2.14.6-1

2.14.7-1

2.14.8-1

2.14.9-1

2.14.9-2

2.14.10-1

2.14.11-1

2.14.11-2

2.14.13-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / ansible-core

Package

Name: ansible-core
Purl: pkg:deb/debian/ansible-core?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.14.13-1

Affected versions

2.*

2.14.3-1

2.14.6-1

2.14.7-1

2.14.8-1

2.14.9-1

2.14.9-2

2.14.10-1

2.14.11-1

2.14.11-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/ansible/ansible

Affected ranges

Type: GIT
Repo: https://github.com/ansible/ansible
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

1acaaadd0bcb416237410050dfd1ab1eeaabc046

Affected versions

0.*

0.0.1

0.0.2

0.01

0.3

0.7

Other

pre-ansible-base

v1_last

stable-2.*

stable-2.10-branchpoint

stable-2.11-branchpoint

stable-2.9-branchpoint

v1.*

v1.0

v1.1

v1.2

v1.4.0

v1.5.0

v1.5.1

v1.6.0

v2.*

v2.0.0-0.1.alpha1

v2.0.0-0.2.alpha2

v2.0.0-0.3.beta1

v2.0.0-0.4.beta2

v2.0.0-0.5.beta3

v2.11.0b1

v2.11.0b2

v2.11.0b3

v2.11.0b4

v2.14.0

v2.14.0b1

v2.14.0b2

v2.14.0b3

v2.14.0rc1

v2.14.0rc2

v2.14.1

v2.14.10

v2.14.10rc1

v2.14.11

v2.14.11rc1

v2.14.12rc1

v2.14.1rc1

v2.14.2

v2.14.2rc1

v2.14.3

v2.14.3rc1

v2.14.4

v2.14.4rc1

v2.14.5

v2.14.5rc1

v2.14.6

v2.14.6rc1

v2.14.7

v2.14.7rc1

v2.14.8

v2.14.8rc1

v2.14.9

v2.14.9rc1

v2.6.0a1

v2.7.0.a1

v2.8.0a1