Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P
Vendors Products
Redhat
  • Openstack
  • Gluster Storage
  • Openshift Container Platform
  • Enterprise Linux
  • Ansible Engine
  • Storage Console
  • Virtualization
  • Virtualization Manager
Canonical
  • Ubuntu Linux
Debian
  • Debian Linux

Configuration 1 [-]

OR cpe:2.3:a:redhat:openshift_container_platform:3.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:3.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:3.5:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*
cpe:2.3:a:redhat:storage_console:2.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:virtualization:4.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:virtualization_manager:4.1:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:a:redhat:gluster_storage:3.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:a:redhat:ansible_engine:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_engine:*:*:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*

Configuration 5 [-]

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
References
Link Resource
http://www.securityfocus.com/bid/98492 Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2017:1244 Vendor Advisory
https://access.redhat.com/errata/RHSA-2017:1334 Vendor Advisory
https://access.redhat.com/errata/RHSA-2017:1476 Vendor Advisory
https://access.redhat.com/errata/RHSA-2017:1499 Vendor Advisory
https://access.redhat.com/errata/RHSA-2017:1599 Vendor Advisory
https://access.redhat.com/errata/RHSA-2017:2524 Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7481 Issue Tracking Patch Vendor Advisory
https://github.com/ansible/ansible/commit/ed56f51f185a1ffd7ea57130d260098686fcc7c2 Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html Mailing List Third Party Advisory
https://usn.ubuntu.com/4072-1/ Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2018-07-19T13:00:00

Updated: 2021-01-27T23:06:14

Reserved: 2017-04-05T00:00:00

Link: CVE-2017-7481

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2018-07-19T13:29:00.340

Modified: 2021-08-04T17:15:29.523

Link: CVE-2017-7481

JSON object: View

cve-icon Redhat Information

No data.

CWE