CVE-2017-7481
high-risk
Published 2018-07-19
Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated.
Do I need to act?
~
3.5% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (14)
Storage Console
Virtualization Manager
References (22)
Third Party Advisory
http://www.securityfocus.com/bid/98492
Vendor Advisory
https://access.redhat.com/errata/RHSA-2017:1244
Vendor Advisory
https://access.redhat.com/errata/RHSA-2017:1334
Vendor Advisory
https://access.redhat.com/errata/RHSA-2017:1476
Vendor Advisory
https://access.redhat.com/errata/RHSA-2017:1499
Vendor Advisory
https://access.redhat.com/errata/RHSA-2017:1599
Vendor Advisory
https://access.redhat.com/errata/RHSA-2017:2524
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7481
Third Party Advisory
https://usn.ubuntu.com/4072-1/
Third Party Advisory
http://www.securityfocus.com/bid/98492
Vendor Advisory
https://access.redhat.com/errata/RHSA-2017:1244
Vendor Advisory
https://access.redhat.com/errata/RHSA-2017:1334
Vendor Advisory
https://access.redhat.com/errata/RHSA-2017:1476
Vendor Advisory
https://access.redhat.com/errata/RHSA-2017:1499
Vendor Advisory
https://access.redhat.com/errata/RHSA-2017:1599
Vendor Advisory
https://access.redhat.com/errata/RHSA-2017:2524
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7481
and 2 more references
57
/ 100
high-risk
Severity
32/34 · Critical
Exploitability
7/34 · Low
Exposure
18/34 · Moderate