CVE-2023-5764

{"id": "CVE-2023-5764", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.8}]}, "published": "2023-12-12T22:15:22.747", "references": [{"url": "https://access.redhat.com/errata/RHSA-2023:7773", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2023-5764", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247629", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-1336"}]}], "descriptions": [{"lang": "en", "value": "A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data."}, {"lang": "es", "value": "Se encontr\u00f3 una falla de inyecci\u00f3n de plantilla en Ansible donde las operaciones de creaci\u00f3n de plantillas internas del controlador de un usuario pueden eliminar la designaci\u00f3n insegura de los datos de la plantilla. Este problema podr\u00eda permitir que un atacante utilice un archivo especialmente manipulado para introducir la inyecci\u00f3n de c\u00f3digo al proporcionar datos de plantillas."}], "lastModified": "2024-09-16T17:16:01.667", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5995DC14-0DBB-4784-B57D-21F850D4CE63", "versionEndExcluding": "2.14.12"}, {"criteria": "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4212FD6E-7D15-403C-9B4B-48F348F18501", "versionEndExcluding": "2.15.7", "versionStartIncluding": "2.15.0"}, {"criteria": "cpe:2.3:a:redhat:ansible:2.16.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D717EC3B-C9C9-49C5-B64B-58A46A6A99B4"}, {"criteria": "cpe:2.3:a:redhat:ansible:2.16.0:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B01E3989-78A3-4CD3-9F6B-CD5AF3559365"}, {"criteria": "cpe:2.3:a:redhat:ansible:2.16.0:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D109D9B1-B465-4708-BC0C-134AF8D81BB9"}, {"criteria": "cpe:2.3:a:redhat:ansible:2.16.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "90BA6AD3-1627-46DA-9972-96A567EC17A1"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB176AC3-3CDA-4DDA-9089-C67B2F73AA62"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:ansible_automation_platform:2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05986E3C-7E5B-45C1-81B0-9D856A8FF1CC"}, {"criteria": "cpe:2.3:a:redhat:ansible_developer:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CEE40363-D286-4EB7-80D2-17CF3B606AD6"}, {"criteria": "cpe:2.3:a:redhat:ansible_inside:1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "897AB7AC-52B1-4335-97D5-D5EA2FF09CC6"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "secalert@redhat.com"}