Oval Definition:oval:org.opensuse.security:def:20213583
Revision Date:2022-06-30Version:1
Title:CVE-2021-3583
Description:

A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity.
Family:unixClass:vulnerability
Status:Reference(s):Mitre CVE-2021-3583
SUSE CVE-2021-3583
SUSE-SU-2021:4152-1
Platform(s):openSUSE Tumbleweed
SUSE Linux Enterprise Server 11 SP3-TERADATA
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 8
Product(s):
Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND ansible is not affected
    • Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND Package Information
  • ansible-2.9.24-1.2 is installed
  • OR ansible-doc-2.9.24-1.2 is installed
  • OR ansible-test-2.9.24-1.2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 11 SP3-TERADATA is installed
  • AND ansible-2.9.27-11.20.1 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 9 is installed
  • AND ansible1 is not affected
    • Definition Synopsis
  • Release Information
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND ansible-2.9.27-3.21.1 is installed
  • OR Package Information
  • SUSE OpenStack Cloud 8 is installed
  • AND
  • ansible-2.9.27-3.21.1 is installed
  • OR ansible1 is affected
    • BACK