Ansible-Core. This CVE-2024-11079
MEDIUMSeverity by source
AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L
Primary rating from Vendor (redhat) · only source for this CVE.
CVSS VectorVendor: redhat
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L
Lifecycle Timeline
3DescriptionCVE.org
A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks.
AnalysisAI
A flaw was found in Ansible-Core.
Technical ContextAI
Remote code execution allows an attacker to run arbitrary commands or code on the target system over a network without prior authentication. This vulnerability is classified as Improper Input Validation (CWE-20).
Affected ProductsAI
Affected: Ansible-Core
RemediationAI
Apply vendor patches immediately. Restrict network access to vulnerable services. Implement network segmentation and monitoring for anomalous activity.
Same weakness CWE-20 – Improper Input Validation
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-99w6-3xph-cx78