CVE-2017-7481

ansible: Security issue with lookup return not tainting the jinja2 environment

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated.

Ansible en versiones anteriores a la 2.3.1.0 y 2.4.0.0 no marca correctamente los resultados del plugin lookup como no seguros. Si un atacante pudiese controlar los resultados de las llamadas lookup(), podrían inyectar cadenas Unicode para que sean analizadas por el sistema de plantillas jinja2, resultando en una ejecución de código. Por defecto, el lenguaje de plantillas jinja2 se marca ahora como "no seguro" y no se evalúa.

An input validation flaw was found in Ansible, where it fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-04-05 CVE Reserved
2017-05-18 CVE Published
2024-06-28 EPSS Updated
2024-08-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation

CAPEC

References (13)

URL	Tag	Source
http://www.securityfocus.com/bid/98492	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html	Mailing List

URL	Date	SRC

URL	Date	SRC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7481	2021-08-04
https://github.com/ansible/ansible/commit/ed56f51f185a1ffd7ea57130d260098686fcc7c2	2021-08-04

URL	Date	SRC
https://access.redhat.com/errata/RHSA-2017:1244	2021-08-04
https://access.redhat.com/errata/RHSA-2017:1334	2021-08-04
https://access.redhat.com/errata/RHSA-2017:1476	2021-08-04
https://access.redhat.com/errata/RHSA-2017:1499	2021-08-04
https://access.redhat.com/errata/RHSA-2017:1599	2021-08-04
https://access.redhat.com/errata/RHSA-2017:2524	2021-08-04
https://usn.ubuntu.com/4072-1	2021-08-04
https://access.redhat.com/security/cve/CVE-2017-7481	2017-08-22
https://bugzilla.redhat.com/show_bug.cgi?id=1450018	2017-08-22

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Redhat Search vendor "Redhat"	Gluster Storage Search vendor "Redhat" for product "Gluster Storage"	3.2 Search vendor "Redhat" for product "Gluster Storage" and version "3.2"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"	7.0 Search vendor "Redhat" for product "Enterprise Linux" and version "7.0"	-	Safe
Redhat Search vendor "Redhat"		Openshift Container Platform Search vendor "Redhat" for product "Openshift Container Platform"				3.3 Search vendor "Redhat" for product "Openshift Container Platform" and version "3.3"		-		Affected
Redhat Search vendor "Redhat"		Openshift Container Platform Search vendor "Redhat" for product "Openshift Container Platform"				3.4 Search vendor "Redhat" for product "Openshift Container Platform" and version "3.4"		-		Affected
Redhat Search vendor "Redhat"		Openshift Container Platform Search vendor "Redhat" for product "Openshift Container Platform"				3.5 Search vendor "Redhat" for product "Openshift Container Platform" and version "3.5"		-		Affected
Redhat Search vendor "Redhat"		Openstack Search vendor "Redhat" for product "Openstack"				10 Search vendor "Redhat" for product "Openstack" and version "10"		-		Affected
Redhat Search vendor "Redhat"		Openstack Search vendor "Redhat" for product "Openstack"				11 Search vendor "Redhat" for product "Openstack" and version "11"		-		Affected
Redhat Search vendor "Redhat"		Storage Console Search vendor "Redhat" for product "Storage Console"				2.0 Search vendor "Redhat" for product "Storage Console" and version "2.0"		-		Affected
Redhat Search vendor "Redhat"		Virtualization Search vendor "Redhat" for product "Virtualization"				4.1 Search vendor "Redhat" for product "Virtualization" and version "4.1"		-		Affected
Redhat Search vendor "Redhat"		Virtualization Manager Search vendor "Redhat" for product "Virtualization Manager"				4.1 Search vendor "Redhat" for product "Virtualization Manager" and version "4.1"		-		Affected
Redhat Search vendor "Redhat"		Ansible Engine Search vendor "Redhat" for product "Ansible Engine"				< 2.3.1.0 Search vendor "Redhat" for product "Ansible Engine" and version " < 2.3.1.0"		-		Affected
Redhat Search vendor "Redhat"		Ansible Engine Search vendor "Redhat" for product "Ansible Engine"				>= 2.3.2.0 < 2.4.0.0 Search vendor "Redhat" for product "Ansible Engine" and version " >= 2.3.2.0 < 2.4.0.0"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				19.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "19.04"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0"		-		Affected