drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in jinja
| Name: |
Ausführen beliebiger Kommandos in jinja |
|
| ID: |
RHSA-2025:2664 |
|
| Distribution: |
Red Hat |
|
| Plattformen: |
Red Hat Ansible Automation Platform Execution Environments |
|
| Datum: |
Mi, 12. März 2025, 23:05 |
|
| Referenzen: |
https://bugzilla.redhat.com/show_bug.cgi?id=2350190
https://access.redhat.com/errata/RHSA-2025:2664
https://access.redhat.com/security/cve/CVE-2025-27516 |
|
| Applikationen: |
Jinja2 |
|
Originalnachricht |
An update is now available for Red Hat Ansible Automation Platform Execution
Environments
Red Hat Ansible Automation Platform provides an enterprise framework for
building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language.
Security Fix(es):
* ee-minimal-container: Jinja sandbox breakout through attr filter selecting
format method (CVE-2025-27516)
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
CVE-2025-27516: Improper Neutralization of Special Elements Used in a Template
Engine (CWE-1336)
|
|
|
|
