Alevski

**Name of the Vulnerable Software and Affected Versions** ansible semaphore version 2.8.90 **Description** The issue in ansible semaphore allows a remote attacker to execute arbitrary code via a crafted payload to the `extra variables` parameter. This is related to incorrect code generation management in the configuration management system interface. **Recommendations** For version 2.8.90, consider disabling the `extra variables` parameter until a patch is available to prevent exploitation. Restrict access to the vulnerable parameter to minimize the risk of arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.