CVE-2023-5764

A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.1 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
redhatCNA
7.1 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 22%
VendorProductVersion
redhatansible
𝑥
< 2.14.12
redhatansible
2.15.0 ≤
𝑥
< 2.15.7
redhatansible
2.16.0
redhatansible
2.16.0:beta1
redhatansible
2.16.0:beta2
redhatansible
2.16.0:rc1
fedoraprojectextra_packages_for_enterprise_linux
8.0
redhatansible_automation_platform
2.4
redhatansible_developer
1.1
redhatansible_inside
1.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ansible
bullseye
2.10.7+merged+base+2.10.17+dfsg-0+deb11u1
fixed
bullseye (security)
2.10.7+merged+base+2.10.17+dfsg-0+deb11u2
fixed
bookworm
7.7.0+dfsg-3+deb12u1
fixed
sid
11.1.0+dfsg-1
fixed
trixie
11.1.0+dfsg-1
fixed
ansible-core
bookworm
2.14.16-0+deb12u1
fixed
sid
2.18.1-4
fixed
trixie
2.18.1-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ansible
oracular
not-affected
noble
not-affected
mantic
not-affected
lunar
not-affected
jammy
Fixed 2.10.7+merged+base+2.10.8+dfsg-1ubuntu0.1~esm4
released
focal
Fixed 2.9.6+dfsg-1ubuntu0.1~esm2
released
bionic
Fixed 2.5.1+dfsg-1ubuntu0.1+esm2
released
xenial
Fixed 2.0.0.2-2ubuntu1.3+esm2
released
trusty
not-affected
ansible-core
oracular
needs-triage
noble
needs-triage
mantic
ignored
lunar
ignored
jammy
needs-triage
focal
dne
bionic
dne
xenial
dne
trusty
dne
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2023:7773
https://access.redhat.com/security/cve/CVE-2023-5764
https://bugzilla.redhat.com/show_bug.cgi?id=2247629
https://access.redhat.com/errata/RHSA-2023:7773
https://access.redhat.com/security/cve/CVE-2023-5764
https://bugzilla.redhat.com/show_bug.cgi?id=2247629
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X7Q6CHPVCHMZS5M7V22GOKFSXZAQ24EU/
https://security.netapp.com/advisory/ntap-20241025-0001/