Lucene search
GitHub Advisory DatabaseGHSA-3R32-CP7V-5WQ4HistoryAug 29, 2023 - 12:32 a.m.
Code injection in ansible semaphore
2023-08-2900:32:03
CWE-94
GitHub Advisory Database
github.com
14
ansible
semaphore
remote attack
code injection
software_security
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.002
Percentile
65.0%
An issue in ansible semaphore v.2.8.90 allows a remote attacker to execute arbitrary code via a crafted payload to the extra variables parameter.
Affected configurations
Node
github.com\/ansiblesemaphore\/semaphoreRange≤2.8.90
| Vendor | Product | Version | CPE |
|---|---|---|---|
| github.com\/ansible | semaphore\/semaphore | * | cpe:2.3:a:github.com\/ansible:semaphore\/semaphore:*:*:*:*:*:*:*:* |
Related
prion
prion
Code injection
2023-08-28 22:15:00
veracode
veracode
Arbitrary Code Injection
2023-09-02 08:25:06
osv
osv
Code injection in ansible semaphore
2023-08-29 00:32:03
CVE-2023-39059
2023-08-28 22:15:08
cvelist
cvelist
CVE-2023-39059
2023-08-28 00:00:00
nvd
nvd
CVE-2023-39059
2023-08-28 22:15:08
cve
cve
CVE-2023-39059
2023-08-28 22:15:08
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.002
Percentile
65.0%
Related for GHSA-3R32-CP7V-5WQ4