PT-2023-6850 · Ansible+3 · Ansible+4

Vipul Nair

Publicado

2023-11-02

Atualizado

2026-06-03

CVE-2023-5764

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Ansible (affected versions not specified)

Description A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data. The flaw is related to incorrect management of code generation when processing templates, which may allow an attacker to execute arbitrary code.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94CWE-1336

Identificadores relacionados

ALT-PU-2024-2153

ALT-PU-2024-3465

AZL-32158

AZL-34538

BDU:2023-07854

CVE-2023-5764

GHSA-7J69-QFC3-2FQ9

OESA-2025-1391

OESA-2025-1392

OESA-2025-1393

OESA-2025-1394

OPENSUSE-SU-2024:13485-1

OPENSUSE-SU-2024:13486-1

OPENSUSE-SU-2024:14251-1

OPENSUSE-SU-2024:14537-1

OPENSUSE-SU-2025:15638-1

OPENSUSE-SU-2025:15754-1

OPENSUSE-SU-2026:10945-1

RHSA-2023:7773

SUSE-SU-2024:1427-1

SUSE-SU-2024:1509-1

USN-6846-1

USN-6846-2

USN-6846-3

Produtos afetados

Alt Linux

Ansible

Ansible-Core

Linuxmint

Ubuntu

PT-2023-6850 · Ansible+3 · Ansible+4

CVE-2023-5764

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 102