CVE-2017-7481

Current Description

Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated.

Basic Data

PublishedJuly 19, 2018
Last ModifiedJuly 25, 2019
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-20
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score7.5
SeverityHIGH
Exploitability Score10.0
Impact Score6.4
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

CVSS 3 - Version3.0
CVSS 3 - Vector StringCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 3 - Attack VectorNETWORK
CVSS 3 - Attack ComplexityLOW
CVSS 3 - Privileges RequiredNONE
CVSS 3 - User InteractionNONE
CVSS 3 - ScopeUNCHANGED
CVSS 3 - Confidentiality ImpactHIGH
CVSS 3 - Integrity ImpactHIGH
CVSS 3 - Availability ImpactHIGH
CVSS 3 - Base Score9.8
CVSS 3 - Base SeverityCRITICAL
Exploitability Score3.9
Base SeverityCRITICAL

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationRedhatOpenshift Container Platform3.2*******
    2.3ApplicationRedhatOpenshift Container Platform3.3*******
    2.3ApplicationRedhatOpenshift Container Platform3.4*******
    2.3ApplicationRedhatOpenshift Container Platform3.5*******
    2.3ApplicationRedhatOpenstack10.0*******
    2.3ApplicationRedhatOpenstack11.0*******
    2.3ApplicationRedhatVirtualization4.1*******
  • AND
    • OR - Configuration 2
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3ApplicationRedhatGluster Storage3.2*******
    • OR Running on/with:
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3OSRedhatEnterprise Linux7.0*******
  • OR - Configuration 3
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationRedhatAnsible Engine********2.3.1.0
    2.3ApplicationRedhatAnsible Engine2.4.0.0*******

Vulnerable Software List

VendorProductVersions
Redhat Openstack 10.0, 11.0
Redhat Gluster Storage 3.2
Redhat Ansible Engine *, 2.4.0.0
Redhat Virtualization 4.1
Redhat Openshift Container Platform 3.2, 3.3, 3.4, 3.5

References

NameSourceURLTags
98492http://www.securityfocus.com/bid/98492BIDThird Party Advisory VDB Entry
RHSA-2017:1244https://access.redhat.com/errata/RHSA-2017:1244REDHATVendor Advisory
RHSA-2017:1334https://access.redhat.com/errata/RHSA-2017:1334REDHATVendor Advisory
RHSA-2017:1476https://access.redhat.com/errata/RHSA-2017:1476REDHATVendor Advisory
RHSA-2017:1499https://access.redhat.com/errata/RHSA-2017:1499REDHATVendor Advisory
RHSA-2017:1599https://access.redhat.com/errata/RHSA-2017:1599REDHATVendor Advisory
RHSA-2017:2524https://access.redhat.com/errata/RHSA-2017:2524REDHATVendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7481https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7481CONFIRMIssue Tracking Patch Vendor Advisory
https://github.com/ansible/ansible/commit/ed56f51f185a1ffd7ea57130d260098686fcc7c2https://github.com/ansible/ansible/commit/ed56f51f185a1ffd7ea57130d260098686fcc7c2CONFIRMPatch Third Party Advisory
USN-4072-1https://usn.ubuntu.com/4072-1/UBUNTU