ALT-PU-2021-2979-2

Package update ansible in branch c9f2

Version2.9.26-alt2

Published2026-02-04

Max severityHIGH

Severity:

Closed issues (3)

HIGH7.1

Уязвимость программного пакета Ansible, связанная с непринятием мер по очистке входных данных, позволяющая нарушителю получить доступ к конфиденциальным данным и нарушить их целостность

Published: 2023-01-23Modified: 2026-01-20

CVSS 3.xHIGH 7.1

CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CVSS 2.0MEDIUM 6.2

CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:C/A:N

References

CVE-2021-3583

HIGH7.1

A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity.

Published: 2021-09-22Modified: 2024-11-21

CVSS 2.0LOW 3.6

CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:N

CVSS 3.xHIGH 7.1

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

References

GHSA-2pfh-q76x-gwvm

HIGH8.6

Improper Input Validation and Command Injection in Ansible

Published: 2021-09-24Modified: 2024-09-06

CVSS 3.xHIGH 8.6

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CVSS 4.0HIGH 8.6

CVSS:4.0/CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

References

Closed bugs (2)

ansible зависит от /usr/bin/pip

ansible: явно избыточные зависимости, сломана установка пакетов модулем package