Back to bug 2028074
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Vipul Nair | 2021-12-01 12:56:26 UTC | Doc Text | A flaw was found in ansible-runner,where when calling ansible_runner.interface.run_command due to improper escaping the parameters get executed as host shell command. A developer could unintentionally write code that gets executed in the host rather than the virtual environment thereby resulting in an impact on confidentiality, integrity, and availability of the system | A flaw was found in ansible-runner,while calling ansible_runner.interface.run_command due to improper escaping of shell command where the parameters get executed as host's shell command. A developer could unintentionally write code that gets executed in the host rather than the virtual environment.This affects confidentiality, integrity, and availability of the system |
| Vipul Nair | 2021-12-01 12:56:49 UTC | Doc Text | A flaw was found in ansible-runner,while calling ansible_runner.interface.run_command due to improper escaping of shell command where the parameters get executed as host's shell command. A developer could unintentionally write code that gets executed in the host rather than the virtual environment.This affects confidentiality, integrity, and availability of the system | A flaw was found in ansible-runner, while calling ansible_runner.interface.run_command due to improper escaping of shell command where the parameters get executed as host's shell command. A developer could unintentionally write code that gets executed in the host rather than the virtual environment. This affects confidentiality, integrity, and availability of the system |
| Vipul Nair | 2021-12-02 10:37:28 UTC | Depends On | 2028406 | |
| Dhananjay Arunesh | 2021-12-02 10:56:50 UTC | Alias | CVE-2021-4041 | |
| Summary | Ansible: Improper shell escaping in ansible-runner | CVE-2021-4041 Ansible: Improper shell escaping in ansible-runner | ||
| Eric Christensen | 2021-12-06 20:38:56 UTC | Doc Text | A flaw was found in ansible-runner, while calling ansible_runner.interface.run_command due to improper escaping of shell command where the parameters get executed as host's shell command. A developer could unintentionally write code that gets executed in the host rather than the virtual environment. This affects confidentiality, integrity, and availability of the system | A flaw was found in ansible-runner. An improper escaping of the shell command, while calling the ansible_runner.interface.run_command, can lead to parameters getting executed as host's shell command. A developer could unintentionally write code that gets executed in the host rather than the virtual environment. |
| Salvatore Bonaccorso | 2021-12-12 10:07:16 UTC | CC | carnil | |
| Red Hat Bugzilla | 2021-12-15 11:50:52 UTC | CC | cmeyers | |
| Vipul Nair | 2021-12-17 10:27:55 UTC | Fixed In Version | ANSIBLE-AUTOMATION-PLATFORM-2.1-RHEL-8 | |
| Borja Tarraso | 2021-12-17 13:12:36 UTC | Fixed In Version | ANSIBLE-AUTOMATION-PLATFORM-2.1-RHEL-8 | ansible-runner 2.1.0 |
| Red Hat Bugzilla | 2021-12-20 17:33:29 UTC | CC | sdoran | |
| errata-xmlrpc | 2022-01-11 20:55:17 UTC | Link ID | Red Hat Product Errata RHSA-2022:0108 | |
| Product Security DevOps Team | 2022-01-11 22:00:41 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2022-01-11 22:00:41 UTC | |||
| Vipul Nair | 2023-03-21 15:50:01 UTC | CC | akarol, amctagga, aoconnor, bbuckingham, bcourt, bniver, cwelton, dmetzger, eglynn, ehelms, epacific, flucifre, gmccullo, gmeno, gtanzill, jjoyce, jneedle, jsherril, lhh, lzap, mbenjamin, mburns, mgarciac, mhackett, mhulan, michal.skrivanek, mperina, myarboro, nmoumoul, orabin, pcreech, rchan, rhos-maint, roliveri, sbonazzo, simaishi, smallamp, sostapov, spower, teagle, vereddy, yguenane, zsadeh | |
| Vipul Nair | 2023-03-21 15:51:55 UTC | CC | akarol, amctagga, aoconnor, bbuckingham, bcourt, bniver, dmetzger, eglynn, ehelms, flucifre, gmccullo, gmeno, gtanzill, jjoyce, jsherril, lhh, lzap, mbenjamin, mburns, mgarciac, mhackett, mhulan, michal.skrivanek, mperina, myarboro, nmoumoul, orabin, pcreech, rchan, rhos-maint, roliveri, sbonazzo, smallamp, sostapov, spower, vereddy | |
| Vipul Nair | 2023-03-21 15:52:25 UTC | CC | akarol, amctagga, aoconnor, bbuckingham, bcourt, bniver, dmetzger, eglynn, ehelms, flucifre, gmccullo, gmeno, gtanzill, jjoyce, jsherril, lhh, lzap, mbenjamin, mburns, mgarciac, mhackett, mhulan, michal.skrivanek, mperina, myarboro, nmoumoul, orabin, pcreech, rchan, rhos-maint, roliveri, sbonazzo, smallamp, sostapov, spower, vereddy | |
| Vipul Nair | 2023-03-21 15:54:10 UTC | Depends On | 2180516, 2180515 | |
| Avinash Hanwate | 2023-03-22 05:53:59 UTC | Depends On | 2180723, 2180722, 2180721, 2180720 | |
| Vipul Nair | 2023-03-28 13:11:13 UTC | Depends On | 2182373 |
Back to bug 2028074