ALT-PU-2023-7978-3

Package ansible-core updated to version 2.16.1-alt1 for branch sisyphus in task 335451.

Уязвимость системы управления конфигурациями Ansible, связанная с неверным управлением генерацией кода, позволяющая нарушителю выполнить произвольный код

Severity: MEDIUM (6.6)Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Severity: MEDIUM (6.2)Vector: AV:L/AC:L/Au:S/C:C/I:C/A:N

References:

CVE-2023-5764

A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data.

Severity: HIGH (7.8)Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Ansible template injection vulnerability

Severity: MEDIUM (6.6)Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

References:

apt_rpm не обновляет пакеты

Version: 2.1.2

Package ansible-core update in sisyphus on 2023-12-11

ALT-PU-2023-7978-3

Closed vulnerabilities

BDU:2023-07854

CVE-2023-5764

GHSA-7j69-qfc3-2fq9

Closed bugs

Bug #48091