<p>Upgrade <code>ansible-core</code> to version 2.15.7rc1, 2.16.1rc1 or higher.</p>

Improper Control of Generation of Code ('Code Injection') Affecting ansible-core package, versions [,2.15.7rc1) [2.16.0,2.16.1rc1)

Threat Intelligence

0.04% (6^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-PYTHON-ANSIBLECORE-6135748
published 21 Dec 2023
disclosed 2 Nov 2023
credit Unknown

Report a new vulnerability Found a mistake?

Introduced: 2 Nov 2023

CVE-2023-5764 Open this link in a new tab CWE-94 Open this link in a new tab

How to fix?

Upgrade ansible-core to version 2.15.7rc1, 2.16.1rc1 or higher.

Overview

ansible-core is an a radically simple IT automation system. It handles configuration management, application deployment, cloud provisioning, ad-hoc task execution, network automation, and multi-node orchestration. Ansible makes complex changes like zero-downtime rolling updates with load balancers easy.

Affected versions of this package are vulnerable to Improper Control of Generation of Code ('Code Injection'). An attacker can inject malicious code into the template, leading to unauthorized access and potential data compromise.

References

CVSS Scores

version 3.1

Attack Vector (AV)

Local
Attack Complexity (AC)

Low
Privileges Required (PR)

Low
User Interaction (UI)

Required

Scope (S)

Unchanged

Confidentiality (C)

High
Integrity (I)

High
Availability (A)

None

Improper Control of Generation of Code ('Code Injection') Affecting ansible-core package, versions [,2.15.7rc1) [2.16.0,2.16.1rc1)

Severity

CVSS assessment made by Snyk's Security Team