Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a trailing " temp=" clause, or (3) a trailing " validate=" clause accompanied by a shell command.
Múltiples vulnerabilidades de inyección de argumentos en Ansible versiones anteriores a 1.6.7, permiten a atacantes remotos ejecutar código arbitrario al aprovechar el acceso a un host administrado de Ansible y proporcionar un dato diseñado como es demostrado por un dato con (1) una cláusula "src=" al final, (2) una cláusula "temp=" al final, o (3) una cláusula "validate=" al final, acompañada de un comando de shell.
The Ansible platform suffers from input sanitization errors that allow arbitrary code execution as well as information leak, in case an attacker is able to control certain playbook variables. Versions 1.6.6 and below are affected.
