CVE-2023-5764

Summary

A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data.

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat Ansible Automation Platform 2.4 for RHEL 81:2.15.8-1.el8ap < *unaffected
Red HatRed Hat Ansible Automation Platform 2.4 for RHEL 81:2.15.8-1.el8ap < *unaffected
Red HatRed Hat Ansible Automation Platform 2.4 for RHEL 91:2.15.8-1.el9ap < *unaffected
Red HatRed Hat Ansible Automation Platform 2.4 for RHEL 91:2.15.8-1.el9ap < *unaffected

Weaknesses

  • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References