CVE-2024-11079
- Source
- https://cve.org/CVERecord?id=CVE-2024-11079
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-11079.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-11079
- Aliases
- Downstream
- Related
- Published
- 2024-11-11T23:32:55.539Z
- Modified
- 2026-05-18T05:56:00.472885118Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L CVSS Calculator
- Summary
- Ansible-core: unsafe tagging bypass via hostvars object in ansible-core
- Details
-
A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/11xxx/CVE-2024-11079.json", "cna_assigner": "redhat", "cwe_ids": [ "CWE-20" ] }- References
-
- https://access.redhat.com/downloads/content/package-browser/
- https://catalog.redhat.com/software/containers/
- https://lists.debian.org/debian-lts-announce/2026/03/msg00006.html
- https://access.redhat.com/errata/RHSA-2024:10770
- https://access.redhat.com/errata/RHSA-2024:11145
- https://access.redhat.com/security/cve/CVE-2024-11079
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/11xxx/CVE-2024-11079.json
- https://nvd.nist.gov/vuln/detail/CVE-2024-11079
- https://bugzilla.redhat.com/show_bug.cgi?id=2325171
- https://github.com/ansible/ansible
Affected packages
Git / github.com/ansible/ansible
Affected versions
0.*
0.0.1
0.01
0.3
0.7
Other
pre-ansible-base
stable-2.*
stable-2.10-branchpoint
stable-2.11-branchpoint
stable-2.9-branchpoint
v1.*
v1.0
v1.1
v1.2
v1.4.0
v1.6.0
v2.*
v2.0.0-0.1.alpha1
v2.0.0-0.2.alpha2
v2.0.0-0.3.beta1
v2.0.0-0.4.beta2
v2.0.0-0.5.beta3
v2.11.0b1
v2.11.0b2
v2.11.0b3
v2.11.0b4
v2.18.0
v2.18.0b1
v2.18.0rc1
v2.18.0rc2
v2.6.0a1
v2.7.0.a1
v2.8.0a1