Ansible Automation Platform
CVE-2021-3583
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
1DescriptionNVD
A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity.
AnalysisAI
A flaw was found in Ansible, where a user's controller is vulnerable to template injection. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-20. A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity. Affected products include: Redhat Ansible Automation Platform, Redhat Ansible Engine, Redhat Ansible Tower.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Ansible Automation Platform
View allA path traversal vulnerability exists in Ansible when extracting tarballs. Rated medium severity (CVSS 6.5), this vulner
A privilege escalation flaw was found in the Ansible Automation Platform. Rated medium severity (CVSS 6.5), this vulnera
The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes th
A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the u
A flaw was found in the Ansible Automation Platform. Rated high severity (CVSS 7.8), this vulnerability is low attack co
A flaw was found in the python-cryptography package. Rated high severity (CVSS 7.5), this vulnerability is remotely expl
A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the
An Improper Certificate Validation attack was found in Openshift. Rated medium severity (CVSS 6.5), this vulnerability i
An absolute path traversal attack exists in the Ansible automation platform. Rated medium severity (CVSS 6.3), this vuln
A logic flaw exists in Ansible Automation platform. Rated medium severity (CVSS 6.3), this vulnerability is remotely exp
A vulnerability was found in aap-gateway. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable,
Cross site scripting in automation controller UI in Red Hat Ansible Automation Platform 1.2 and 2.0 where the project na
Same weakness CWE-20 – Improper Input Validation
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today