CVE-2024-11079

low-risk
Published 2024-11-12

A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks.

Do I need to act?

-
0.06% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10 Medium
NETWORK / HIGH complexity

References (5)

https://access.redhat.com/errata/RHSA-2024:10770
https://access.redhat.com/errata/RHSA-2024:11145
https://access.redhat.com/security/cve/CVE-2024-11079
https://bugzilla.redhat.com/show_bug.cgi?id=2325171
https://lists.debian.org/debian-lts-announce/2026/03/msg00006.html
22
/ 100
low-risk
Severity 17/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal