An issue in ansible semaphore v.2.8.90 allows a remote attacker to execute arbitrary code via a crafted payload to the extra variables parameter.
References
| Link | Resource |
|---|---|
| https://gist.github.com/Alevsk/1757da24c5fb8db735d392fd4146ca3a | Third Party Advisory |
| https://www.alevsk.com/2023/07/a-quick-story-of-security-pitfalls-with-execcommand-in-software-integrations/ | Exploit Third Party Advisory |
| https://gist.github.com/Alevsk/1757da24c5fb8db735d392fd4146ca3a | Third Party Advisory |
| https://www.alevsk.com/2023/07/a-quick-story-of-security-pitfalls-with-execcommand-in-software-integrations/ | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 08:14
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://gist.github.com/Alevsk/1757da24c5fb8db735d392fd4146ca3a - Third Party Advisory | |
| References | () https://www.alevsk.com/2023/07/a-quick-story-of-security-pitfalls-with-execcommand-in-software-integrations/ - Exploit, Third Party Advisory |
02 Oct 2024, 16:35
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-94 |
30 Aug 2023, 00:30
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:ansible-semaphore:ansible_semaphore:2.8.90:*:*:*:*:ansible:*:* | |
| References | (MISC) https://gist.github.com/Alevsk/1757da24c5fb8db735d392fd4146ca3a - Third Party Advisory | |
| References | (MISC) https://www.alevsk.com/2023/07/a-quick-story-of-security-pitfalls-with-execcommand-in-software-integrations/ - Exploit, Third Party Advisory | |
| First Time |
Ansible-semaphore ansible Semaphore
Ansible-semaphore |
|
| CWE | NVD-CWE-noinfo | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
28 Aug 2023, 22:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-08-28 22:15
Updated : 2024-11-21 08:14
NVD link : CVE-2023-39059
Mitre link : CVE-2023-39059
CVE.ORG link : CVE-2023-39059
JSON object : View
Products Affected
ansible-semaphore
- ansible_semaphore
CWE