CVE-2024-11079 MEDIUM

CVE-2024-11079: Ansible-core: unsafe tagging bypass via hostvars object in ansible-core

Vendor Red Hat

Product Red Hat Enterprise Linux 10

Weakness CWE-20 · Input validation

Published November 11, 2024

Last update March 18, 2026

View on NVD All CVEs

CVSS base score

5.5/10

Attack vector Network

Attack complexity High

Privileges required Low

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks.

Key dates

02Disclosure timeline

November 11, 2024 CVE published

March 18, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-11079

Related vulnerabilities

Identifiers

CVE CVE-2024-11079

CWE CWE-20

CVSS 5.5 / MEDIUM

Affected versions

Vendor Red Hat

Product Red Hat Enterprise Linux 10

Affected All versions

Vendor Red Hat

Product Red Hat Enterprise Linux AI (RHEL AI)

Affected All versions

Vendor Red Hat

Product Red Hat Enterprise Linux AI (RHEL AI)

Affected All versions

CVE-2024-11079: Ansible-core: unsafe tagging bypass via hostvars object in ansible-core

01Description

02Disclosure timeline

03References

04Related CVE