Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2024-11079

Good to know:

icon
icon

Date: November 11, 2024

A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks.

Language: Python

Severity Score

Related Resources (13)

https://github.com/ansible/ansible
https://github.com/ansible/ansible/pull/84299
https://bugzilla.redhat.com/show_bug.cgi?id=2325171
https://github.com/ansible/ansible/commit/98774d15d7748ebaaaf2e83942cc7e8d39f7280e
https://github.com/ansible/ansible/commit/2936b80dbbc7efb889934aeec80f6142c10266ce
https://github.com/ansible/ansible/blob/v2.18.1/changelogs/CHANGELOG-v2.18.rst#security-fixes
https://access.redhat.com/errata/RHSA-2024:10770
https://github.com/ansible/ansible/commit/70e83e72b43e05e57eb42a6d52d01a4d9768f510
https://access.redhat.com/errata/RHSA-2024:11145
https://access.redhat.com/security/cve/CVE-2024-11079
https://github.com/ansible/ansible/pull/84339
https://nvd.nist.gov/vuln/detail/CVE-2024-11079
https://www.mend.io/vulnerability-database/CVE-2024-11079

Severity Score

Weakness Type (CWE)

Improper Input Validation

CWE-20

Top Fix

icon

Upgrade Version

Upgrade to version ansible-core - 2.18.1rc1;ansible-core - 2.17.7rc1;ansible-core - 2.16.14rc1

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): LOW
User Interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): LOW

Do you need more information?

Contact Us