CVE-2024-11079
Public on 2024-11-12
Modified on 2024-11-16
Description
This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks.
Severity
Medium
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2023 | ansible-core | Pending Fix |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 5.5 | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L |
| NVD | CVSSv3 | 5.5 | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L |