CVE-2021-4041 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.8 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 24%

Vendor	Product	Version
redhat	ansible_runner	𝑥 < 2.1.0
redhat	ansible_runner	2.1.0:alpha1
redhat	ansible_runner	2.1.0:alpha2
redhat	ansible_runner	2.1.0:beta1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

ansible-runner

bookworm	2.3.1-2 fixed
sid	2.4.0-0.1 fixed
trixie	2.4.0-0.1 fixed

Ubuntu Releases

Ubuntu Product

Codename

ansible-runner

jammy	Fixed 2.1.1-1 released
impish	ignored
hirsute	dne
focal	dne
bionic	dne
xenial	ignored
trusty	ignored

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-116 - Improper Encoding or Escaping of Output
The software prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

References

https://access.redhat.com/security/cve/CVE-2021-4041

https://bugzilla.redhat.com/show_bug.cgi?id=2028074

https://github.com/ansible/ansible-runner/commit/3533f265f4349a3f2a0283158cd01b59a6bbc7bd

https://access.redhat.com/security/cve/CVE-2021-4041

https://bugzilla.redhat.com/show_bug.cgi?id=2028074

https://github.com/ansible/ansible-runner/commit/3533f265f4349a3f2a0283158cd01b59a6bbc7bd