PT-2020-22666 · Red Hat · Ansible Engine
Published: 2020-08-26 · Updated: 2020-08-26
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
Ansible Engine versions prior to 2.7.16, 2.8.8, and 2.9.3
Description
A flaw in the Ansible solaris_zone module allows an attacker to execute arbitrary commands on a remote Solaris host by crafting the zone name. This is possible because the module checks the zone name by listing processes with the `ps` command on the remote machine, so the supplied name becomes part of a command that runs there.
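The pattern described above, next to a hardened form, as an added example that is not code from Ansible or from this advisory. The `ps` command line, the function names and the allow-list for zone names are assumptions made for illustration; the sample names are constructed.

```python
import re

# Assumed allow-list: starts with an alphanumeric, then alphanumerics,
# '-', '_' or '.', 64 characters at most. Adjust to your Solaris release.
ZONE_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,63}")


def unsafe_ps_command(zone_name):
    """Risky pattern: the name is pasted into a string that a shell parses.

    Illustrative command line only, not the module's actual one.
    """
    return "ps -z %s -o args" % zone_name


def is_valid_zone_name(zone_name):
    """True only if the whole string matches the allow-list."""
    # fullmatch() also rejects a trailing newline, which '$' would accept.
    return isinstance(zone_name, str) and ZONE_NAME_RE.fullmatch(zone_name) is not None


def safe_ps_argv(zone_name):
    """Validate first, then build an argv list that never goes through a shell."""
    if not is_valid_zone_name(zone_name):
        raise ValueError("invalid zone name: %r" % (zone_name,))
    return ["ps", "-z", zone_name, "-o", "args"]


def rejected_names(zone_names):
    """Return the names that must not reach the remote command.

    Useful for auditing inventory or playbook variables before a run.
    """
    return [name for name in zone_names if not is_valid_zone_name(name)]


if __name__ == "__main__":
    # Constructed sample input: two ordinary names and two malformed ones.
    samples = ["web-zone01", "db.zone_2", "zone1;id", "web01\n"]
    for name in samples:
        print("%-14r valid=%s" % (name, is_valid_zone_name(name)))
    print("rejected:", rejected_names(samples))
```

Validation and the argv list are complementary: the allow-list stops a malformed name early, and passing arguments as a list keeps the name from being parsed as shell syntax at all.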
Recommendations
For Ansible Engine versions 2.7.15 and earlier, update to version 2.7.16 or later.
For Ansible Engine versions 2.8.7 and earlier, update to version 2.8.8 or later.
For Ansible Engine versions 2.9.2 and earlier, update to version 2.9.3 or later.
As a temporary workaround, consider restricting the use of the solaris zone module until a patch is available.
Affected Products
Ansible Engine