Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-7481

Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated.

Published

2018-07-19T13:29:00.340

Last Modified

2024-11-21T03:31:59.250

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-20
Type: Secondary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	redhat	openshift_container_platform	3.3	Yes
Application	redhat	openshift_container_platform	3.4	Yes
Application	redhat	openshift_container_platform	3.5	Yes
Application	redhat	openstack	10	Yes
Application	redhat	openstack	11	Yes
Application	redhat	storage_console	2.0	Yes
Application	redhat	virtualization	4.1	Yes
Application	redhat	virtualization_manager	4.1	Yes
Application	redhat	gluster_storage	3.2	Yes
Operating System	redhat	enterprise_linux	7.0	No
Application	redhat	ansible_engine	< 2.3.1.0	Yes
Application	redhat	ansible_engine	< 2.4.0.0	Yes
Operating System	canonical	ubuntu_linux	16.04	Yes
Operating System	canonical	ubuntu_linux	18.04	Yes
Operating System	canonical	ubuntu_linux	19.04	Yes
Operating System	debian	debian_linux	9.0	Yes

References

http://www.securityfocus.com/bid/98492 Third Party Advisory, VDB Entry ([email protected])
https://access.redhat.com/errata/RHSA-2017:1244 Vendor Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2017:1334 Vendor Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2017:1476 Vendor Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2017:1499 Vendor Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2017:1599 Vendor Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2017:2524 Vendor Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7481 Issue Tracking, Patch, Vendor Advisory ([email protected])
https://github.com/ansible/ansible/commit/ed56f51f185a1ffd7ea57130d260098686fcc7c2 Patch, Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html Mailing List, Third Party Advisory ([email protected])
https://usn.ubuntu.com/4072-1/ Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/98492 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2017:1244 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2017:1334 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2017:1476 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2017:1499 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2017:1599 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2017:2524 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7481 Issue Tracking, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/ansible/ansible/commit/ed56f51f185a1ffd7ea57130d260098686fcc7c2 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/4072-1/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)