CVE-2021-3583

A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redhat:ansible_automation_platform:1.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_engine:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*

History

28 Dec 2023, 19:15

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html -

07 Oct 2022, 20:22

Type Values Removed Values Added
CWE CWE-77 CWE-94

05 Oct 2021, 16:12

Type Values Removed Values Added
References (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1968412 - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1968412 - Issue Tracking, Vendor Advisory
CWE CWE-20
CPE cpe:2.3:a:redhat:ansible_automation_platform:1.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_engine:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 3.6
v3 : 7.1

22 Sep 2021, 12:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-09-22 12:15

Updated : 2024-02-04 22:08


NVD link : CVE-2021-3583

Mitre link : CVE-2021-3583

CVE.ORG link : CVE-2021-3583


JSON object : View

Products Affected

redhat

  • ansible_engine
  • ansible_automation_platform
  • ansible_tower
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')

CWE-20

Improper Input Validation