CVE-2023-5764

Source
https://cve.org/CVERecord?id=CVE-2023-5764
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-5764.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-5764
Aliases
Downstream
Related
Published
2023-12-12T22:01:33.467Z
Modified
2026-07-11T03:54:34.706026732Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
Ansible: template injection
Details

A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data.

Database specific
{
    "cwe_ids": [
        "CWE-1336"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/5xxx/CVE-2023-5764.json",
    "cna_assigner": "redhat"
}
References

Affected packages

Git / github.com/ansible/ansible

Affected ranges

Type
GIT
Repo
https://github.com/ansible/ansible
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Introduced
Fixed
Introduced
Database specific
{
    "cpe": [
        "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:redhat:ansible:2.16.0:-:*:*:*:*:*:*",
        "cpe:2.3:a:redhat:ansible:2.16.0:rc1:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.14.12"
        },
        {
            "introduced": "2.15.0"
        },
        {
            "fixed": "2.15.7"
        },
        {
            "introduced": "2.16.0-NA"
        },
        {
            "last_affected": "2.16.0-NA"
        },
        {
            "introduced": "2.16.0-rc1"
        },
        {
            "last_affected": "2.16.0-rc1"
        }
    ],
    "source": [
        "CPE_RANGE",
        "CPE_STRING"
    ]
}

Affected versions

0.*
0.0.1
0.01
0.3
0.7
2.*
2.16.0-NA
2.16.0-rc1
Other
pre-ansible-base
stable-2.*
stable-2.10-branchpoint
stable-2.11-branchpoint
stable-2.9-branchpoint
v1.*
v1.0
v1.1
v1.2
v1.4.0
v1.6.0
v2.*
v2.0.0-0.1.alpha1
v2.0.0-0.2.alpha2
v2.0.0-0.3.beta1
v2.0.0-0.4.beta2
v2.0.0-0.5.beta3
v2.11.0b1
v2.11.0b2
v2.11.0b3
v2.11.0b4
v2.14.0
v2.14.0b1
v2.14.0b2
v2.14.0b3
v2.14.0rc1
v2.14.0rc2
v2.14.1
v2.14.10
v2.14.10rc1
v2.14.11
v2.14.11rc1
v2.14.12rc1
v2.14.1rc1
v2.14.2
v2.14.2rc1
v2.14.3
v2.14.3rc1
v2.14.4
v2.14.4rc1
v2.14.5
v2.14.5rc1
v2.14.6
v2.14.6rc1
v2.14.7
v2.14.7rc1
v2.14.8
v2.14.8rc1
v2.14.9
v2.14.9rc1
v2.15.0
v2.15.1
v2.15.1rc1
v2.15.2
v2.15.2rc1
v2.15.3
v2.15.3rc1
v2.15.4
v2.15.4rc1
v2.15.5
v2.15.5rc1
v2.15.6
v2.15.6rc1
v2.15.7rc1
v2.6.0a1
v2.7.0.a1
v2.8.0a1

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-5764.json"