Lucene search
Veracode Vulnerability DatabaseVERACODE:33646HistoryJan 14, 2022 - 6:00 a.m.
Cross-site Scripting (XSS)
2022-01-1406:00:47
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
0.001 Low
EPSS
Percentile
32.4%
bolt is vulnerable to cross-site scripting (XSS). A flaw was found in ansible-runner. An improper escaping of the shell command, while calling the ansible_runner.interface.run_command, can lead to parameters getting executed as host’s shell command. A developer could unintentionally write code that gets executed in the host rather than the virtual environment.
References
access.redhat.com/errata/RHSA-2022:0108
access.redhat.com/security/cve/CVE-2021-4041
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=2028074
github.com/ansible/ansible-runner/commit/3533f265f4349a3f2a0283158cd01b59a6bbc7bd
github.com/bolt/bolt/commit/b42cbfcf3e3108c46a80581216ba03ef449e419f
Related
osv
osv
ansible-runner vulnerable to shell command injection
2022-08-25 00:00:27
PYSEC-2022-253
2022-08-24 16:15:00
CVE-2021-4041
2022-08-24 16:15:09
redhat
redhat
(RHSA-2022:0108) Moderate: ansible-runner security and bug fix update
2022-01-11 20:49:29
ibm
ibm
prion
prion
Command injection
2022-08-24 16:15:00
redhatcve
redhatcve
CVE-2021-4041
2021-12-02 12:06:11
debiancve
debiancve
CVE-2021-4041
2022-08-24 16:15:09
cvelist
cvelist
CVE-2021-4041
2022-08-24 15:11:13
github
github
ansible-runner vulnerable to shell command injection
2022-08-25 00:00:27
cve
cve
CVE-2021-4041
2022-08-24 16:15:09
nvd
nvd
CVE-2021-4041
2022-08-24 16:15:09
nessus
nessus
RHEL 8 : ansible-runner (RHSA-2022:0108)
2024-04-28 00:00:00
ubuntucve
ubuntucve
CVE-2021-4041
2022-08-24 00:00:00