CVE-2017-7481

EUVD-2018-0014
Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
redhatCNA
5.3 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
Affected Products (NVD)
VendorProductVersion
redhatopenshift_container_platform
3.3
redhatopenshift_container_platform
3.4
redhatopenshift_container_platform
3.5
redhatstorage_console
2.0
redhatvirtualization
4.1
redhatvirtualization_manager
4.1
redhatgluster_storage
3.2
redhatansible_engine
𝑥
< 2.3.1.0
redhatansible_engine
2.3.2.0 ≤
𝑥
< 2.4.0.0
canonicalubuntu_linux
16.04
canonicalubuntu_linux
18.04
canonicalubuntu_linux
19.04
debiandebian_linux
9.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ansible
bookworm
7.7.0+dfsg-3+deb12u1
fixed
bullseye
2.10.7+merged+base+2.10.17+dfsg-0+deb11u1
fixed
jessie
not-affected
sid
10.5.0+dfsg-2
fixed
trixie
10.5.0+dfsg-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ansible
artful
ignored
bionic
not-affected
cosmic
not-affected
disco
not-affected
eoan
not-affected
focal
not-affected
groovy
not-affected
hirsute
not-affected
impish
not-affected
jammy
not-affected
kinetic
not-affected
lunar
not-affected
mantic
not-affected
noble
not-affected
trusty
needed
xenial
Fixed 2.0.0.2-2ubuntu1.3
released
yakkety
ignored
zesty
ignored
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/98492
https://access.redhat.com/errata/RHSA-2017:1244
https://access.redhat.com/errata/RHSA-2017:1334
https://access.redhat.com/errata/RHSA-2017:1476
https://access.redhat.com/errata/RHSA-2017:1499
https://access.redhat.com/errata/RHSA-2017:1599
https://access.redhat.com/errata/RHSA-2017:2524
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7481
https://github.com/ansible/ansible/commit/ed56f51f185a1ffd7ea57130d260098686fcc7c2
https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html
https://usn.ubuntu.com/4072-1/
http://www.securityfocus.com/bid/98492
https://access.redhat.com/errata/RHSA-2017:1244
https://access.redhat.com/errata/RHSA-2017:1334
https://access.redhat.com/errata/RHSA-2017:1476
https://access.redhat.com/errata/RHSA-2017:1499
https://access.redhat.com/errata/RHSA-2017:1599
https://access.redhat.com/errata/RHSA-2017:2524
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7481
https://github.com/ansible/ansible/commit/ed56f51f185a1ffd7ea57130d260098686fcc7c2
https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html
https://usn.ubuntu.com/4072-1/