Vulnerability Details : CVE-2017-7481
Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated.
Vulnerability category: Input validation
Products affected by CVE-2017-7481
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:gluster_storage:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:storage_console:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:virtualization:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:virtualization_manager:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openshift_container_platform:3.3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openshift_container_platform:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openshift_container_platform:3.4:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:ansible_engine:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-7481
- EPSS score: 1.95% (probability of exploitation activity in the next 30 days)
- Percentile: ~89% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2017-7481
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
5.3 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N | 1.6 | 3.6 | Red Hat, Inc. | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2017-7481
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Assigned by:
- nvd@nist.gov (Secondary)
- secalert@redhat.com (Primary)
References for CVE-2017-7481
- https://access.redhat.com/errata/RHSA-2017:1334
  RHSA-2017:1334 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)
- https://access.redhat.com/errata/RHSA-2017:1499
  RHSA-2017:1499 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)
- https://access.redhat.com/errata/RHSA-2017:1476
  RHSA-2017:1476 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)
- https://github.com/ansible/ansible/commit/ed56f51f185a1ffd7ea57130d260098686fcc7c2
  Fixing security issue with lookup returns not tainting the jinja2 env… · ansible/ansible@ed56f51 · GitHub (Patch; Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2017:2524
  RHSA-2017:2524 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)
- https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html
  [SECURITY] [DLA 2535-1] ansible security update (Mailing List; Third Party Advisory)
- https://usn.ubuntu.com/4072-1/
  USN-4072-1: Ansible vulnerabilities | Ubuntu security notices (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2017:1244
  RHSA-2017:1244 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)
- https://access.redhat.com/errata/RHSA-2017:1599
  RHSA-2017:1599 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)
- http://www.securityfocus.com/bid/98492
  Ansible CVE-2017-7481 Security Bypass Vulnerability (Third Party Advisory; VDB Entry)
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7481
  1450018 – (CVE-2017-7481) CVE-2017-7481 ansible: Security issue with lookup return not tainting the jinja2 environment (Issue Tracking; Patch; Vendor Advisory)