logo

Database

Server side template injection In github.com/ansible-semaphore/semaphore

Description

Code injection in ansible semaphore An issue in ansible semaphore v.2.8.90 allows a remote attacker to execute arbitrary code via a crafted payload to the extra variables parameter.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version

Aliases

1. CVE-2023-390592. NVD-2023-390593. OSV-2023-390594. GCVE-2023-39059

References

1. https://gist.github.com/Alevsk/1757da24c5fb8db735d392fd4146ca3a2. https://www.alevsk.com/2023/07/a-quick-story-of-security-pitfalls-with-execcommand-in-software-integrations

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.

FLAT-U9QM3 – Vulnerability | Fluid Attacks Database