1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
community.general/changelogs/fragments/inventory-rce.yml
patchback[bot] a45cb0ca04
[PR #8098/d62fe154 backport][stable-7] inventory plugins: make data obtained from remote unsafe (#8145)
inventory plugins: make data obtained from remote unsafe (#8098)

Make data obtained from remote unsafe.

(cherry picked from commit d62fe154d2)

Co-authored-by: Felix Fontein <felix@fontein.de>
2024-03-25 06:50:05 +01:00

6 lines
535 B
YAML

security_fixes:
- "cobbler, gitlab_runners, icinga2, linode, lxd, nmap, online, opennebula, proxmox, scaleway, stackpath_compute, virtualbox,
and xen_orchestra inventory plugin - make sure all data received from the remote servers is marked as unsafe, so remote
code execution by obtaining texts that can be evaluated as templates is not possible
(https://www.die-welt.net/2024/03/remote-code-execution-in-ansible-dynamic-inventory-plugins/,
https://github.com/ansible-collections/community.general/pull/8098)."