PT-2023-6850 · Ansible+3 · Ansible+4

Vipul Nair

Published

2023-11-02

Updated

2026-06-03

CVE-2023-5764

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Ansible (affected versions not specified)

Description A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data. The flaw is related to incorrect management of code generation when processing templates, which may allow an attacker to execute arbitrary code.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94CWE-1336

Related Identifiers

ALT-PU-2024-2153

ALT-PU-2024-3465

AZL-32158

AZL-34538

BDU:2023-07854

CVE-2023-5764

GHSA-7J69-QFC3-2FQ9

OESA-2025-1391

OESA-2025-1392

OESA-2025-1393

OESA-2025-1394

OPENSUSE-SU-2024:13485-1

OPENSUSE-SU-2024:13486-1

OPENSUSE-SU-2024:14251-1

OPENSUSE-SU-2024:14537-1

OPENSUSE-SU-2025:15638-1

OPENSUSE-SU-2025:15754-1

OPENSUSE-SU-2026:10945-1

RHSA-2023:7773

SUSE-SU-2024:1427-1

SUSE-SU-2024:1509-1

USN-6846-1

USN-6846-2

USN-6846-3

Affected Products

Alt Linux

Ansible

Ansible-Core

Linuxmint

Ubuntu

PT-2023-6850 · Ansible+3 · Ansible+4

CVE-2023-5764

Weakness Enumeration

Related Identifiers

Affected Products

References · 102