Bug 1968412 (CVE-2021-3583)
Summary: | CVE-2021-3583 ansible: Template Injection through yaml multi-line strings with ansible facts used in template. | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Tapas Jena <tjena> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | a.badger, asherlan, bcoca, chousekn, cmeyers, davidn, dylan, gblomqui, jcammara, jhardy, jjoyce, jobarker, jschluet, kevin, lhh, lpeer, mabashia, maxim, mburns, notting, osapryki, patrick, relrod, rpetrell, sclewis, sdoran, security-response-team, slinaber, smcdonal, tkuratom, tuxmealux+redhatbz |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | ansible_tower 3.7, ansible_engine 2.9.23 | Doc Type: | --- |
Doc Text: |
A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2021-07-07 10:40:38 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1976097, 1969274, 1969275, 1976092, 1976093, 1976096, 1976098 | ||
Bug Blocks: | 1967965, 1968686, 2002257 |
Description
Tapas Jena
2021-06-07 10:57:58 UTC
Analysis is complete and its found to be a legitimate issue. The issue has been successfully reproduced. Hence, marking it as "Affected" -> "fix" for AAP 1 and Ansible Tower. Created ansible tracking bugs for this issue: Affects: epel-all [bug 1976097] Affects: fedora-all [bug 1976096] Affects: openstack-rdo [bug 1976098] This issue has been addressed in the following products: Red Hat Ansible Engine 2.9 for RHEL 8 Red Hat Ansible Engine 2.9 for RHEL 7 Via RHSA-2021:2663 https://access.redhat.com/errata/RHSA-2021:2663 This issue has been addressed in the following products: Red Hat Ansible Engine 2 for RHEL 8 Red Hat Ansible Engine 2 for RHEL 7 Via RHSA-2021:2664 https://access.redhat.com/errata/RHSA-2021:2664 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-3583 |