Akasurde

**Name of the Vulnerable Software and Affected Versions** Ansible Engine versions 2.7.15 through 2.9.2 and all previous versions **Description** A flaw was found in the solaris zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. **Recommendations** For Ansible Engine versions 2.7.15 through 2.9.2 and all previous versions, consider disabling the solaris zone module until a patch is available to prevent exploitation. Restrict access to the remote host to minimize the risk of arbitrary command execution. Avoid using the 'ps' command for zone name checks in the solaris zone module until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.