ansible is vulnerable to remote code execution. The vulnerability exists as the package
and service
modules allows the ansible_facts['pkg_mgr']
and ansible_facts['service_mgr']
facts to be set to a module name such as ansible_collections.namespace.name./tmp/reverse-shell
, allowing remote code execution on the managed node.