N/A

A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.

N/A

输入验证不恰当

Ansible solaris_zone模块操作系统命令注入漏洞

Red Hat Ansible是美国红帽（Red Hat）公司的一款计算机系统配置管理器。该产品可用于发布、管理和编排计算机系统。Ansible Engine是其中的一个Ansible引擎。solaris_zone是其中的一个用于管理Solaris区域的模块。 Ansible中的solaris_zone模块存在操作系统命令注入漏洞。攻击者可利用该漏洞执行任意命令。

N/A

N/A