ansible-collections/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2025-07-23 13:20:23 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

inventory plugins: make data obtained from remote unsafe (#8098)

Browse source 
Make data obtained from remote unsafe.
This commit is contained in:
Felix Fontein 2024-03-25 06:17:09 +01:00 committed by GitHub
commit d62fe154d2
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
14 changed files with 88 additions and 51 deletions
Download patch file Download diff file Expand all files Collapse all files

6
changelogs/fragments/inventory-rce.yml Normal file
View file

@ -0,0 +1,6 @@
security_fixes:
- "cobbler, gitlab_runners, icinga2, linode, lxd, nmap, online, opennebula, proxmox, scaleway, stackpath_compute, virtualbox,
and xen_orchestra inventory plugin - make sure all data received from the remote servers is marked as unsafe, so remote
code execution by obtaining texts that can be evaluated as templates is not possible
(https://www.die-welt.net/2024/03/remote-code-execution-in-ansible-dynamic-inventory-plugins/,
https://github.com/ansible-collections/community.general/pull/8098)."