2.6 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:H/Au:N/C:N/I:P/A:P
3.9 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L
0.0005 Low
EPSS
Percentile
17.4%
A flaw was found in Ansible Engine when the module package or service is used and the parameter ‘use’ is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | ansible | <= 7.3.0+dfsg-1 | ansible_7.3.0+dfsg-1_all.deb |
Debian | 11 | all | ansible | <= 2.10.7+merged+base+2.10.8+dfsg-1 | ansible_2.10.7+merged+base+2.10.8+dfsg-1_all.deb |
Debian | 999 | all | ansible | <= 10.1.0+dfsg-1 | ansible_10.1.0+dfsg-1_all.deb |
Debian | 13 | all | ansible | <= 9.5.1+dfsg-1 | ansible_9.5.1+dfsg-1_all.deb |
2.6 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:H/Au:N/C:N/I:P/A:P
3.9 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L
0.0005 Low
EPSS
Percentile
17.4%