Vulnerability details: VCID-akcg-prtj-9bft
Vulnerability ID VCID-akcg-prtj-9bft
Aliases CVE-2024-11079
GHSA-99w6-3xph-cx78
Summary Ansible-Core vulnerable to content protections bypass. A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks.
Status Published
Exploitability 0.5
Weighted Severity 5.0
Risk 2.5
System Score Found at
cvssv3.1 5.5 https://access.redhat.com/errata/RHSA-2024:10770
generic_textual LOW https://access.redhat.com/errata/RHSA-2024:10770
ssvc Track https://access.redhat.com/errata/RHSA-2024:10770
cvssv3.1 5.5 https://access.redhat.com/errata/RHSA-2024:11145
generic_textual LOW https://access.redhat.com/errata/RHSA-2024:11145
ssvc Track https://access.redhat.com/errata/RHSA-2024:11145
cvssv3 5.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11079.json
cvssv3.1 5.5 https://access.redhat.com/security/cve/CVE-2024-11079
generic_textual LOW https://access.redhat.com/security/cve/CVE-2024-11079
ssvc Track https://access.redhat.com/security/cve/CVE-2024-11079
epss 0.00365 https://api.first.org/data/v1/epss?cve=CVE-2024-11079
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-11079
epss 0.00406 https://api.first.org/data/v1/epss?cve=CVE-2024-11079
cvssv3.1 5.5 https://bugzilla.redhat.com/show_bug.cgi?id=2325171
generic_textual LOW https://bugzilla.redhat.com/show_bug.cgi?id=2325171
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2325171
cvssv3.1 5.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr LOW https://github.com/advisories/GHSA-99w6-3xph-cx78
cvssv3.1 5.5 https://github.com/ansible/ansible
generic_textual LOW https://github.com/ansible/ansible
cvssv3.1 5.5 https://github.com/ansible/ansible/blob/v2.18.1/changelogs/CHANGELOG-v2.18.rst#security-fixes
generic_textual LOW https://github.com/ansible/ansible/blob/v2.18.1/changelogs/CHANGELOG-v2.18.rst#security-fixes
cvssv3.1 5.5 https://github.com/ansible/ansible/commit/2936b80dbbc7efb889934aeec80f6142c10266ce
generic_textual LOW https://github.com/ansible/ansible/commit/2936b80dbbc7efb889934aeec80f6142c10266ce
cvssv3.1 5.5 https://github.com/ansible/ansible/commit/70e83e72b43e05e57eb42a6d52d01a4d9768f510
generic_textual LOW https://github.com/ansible/ansible/commit/70e83e72b43e05e57eb42a6d52d01a4d9768f510
cvssv3.1 5.5 https://github.com/ansible/ansible/commit/98774d15d7748ebaaaf2e83942cc7e8d39f7280e
generic_textual LOW https://github.com/ansible/ansible/commit/98774d15d7748ebaaaf2e83942cc7e8d39f7280e
cvssv3.1 5.5 https://github.com/ansible/ansible/pull/84299
generic_textual LOW https://github.com/ansible/ansible/pull/84299
cvssv3.1 5.5 https://github.com/ansible/ansible/pull/84339
generic_textual LOW https://github.com/ansible/ansible/pull/84339
cvssv3.1 5.5 https://nvd.nist.gov/vuln/detail/CVE-2024-11079
generic_textual LOW https://nvd.nist.gov/vuln/detail/CVE-2024-11079
Reference id Reference type URL
https://access.redhat.com/errata/RHSA-2024:10770
https://access.redhat.com/errata/RHSA-2024:11145
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11079.json
https://access.redhat.com/security/cve/CVE-2024-11079
https://api.first.org/data/v1/epss?cve=CVE-2024-11079
https://bugzilla.redhat.com/show_bug.cgi?id=2325171
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11079
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/ansible/ansible
https://github.com/ansible/ansible/blob/v2.18.1/changelogs/CHANGELOG-v2.18.rst#security-fixes
https://github.com/ansible/ansible/commit/2936b80dbbc7efb889934aeec80f6142c10266ce
https://github.com/ansible/ansible/commit/70e83e72b43e05e57eb42a6d52d01a4d9768f510
https://github.com/ansible/ansible/commit/98774d15d7748ebaaaf2e83942cc7e8d39f7280e
https://github.com/ansible/ansible/pull/84299
https://github.com/ansible/ansible/pull/84339
https://nvd.nist.gov/vuln/detail/CVE-2024-11079
1088106 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088106
cpe:/a:redhat:ansible_automation_platform:2.5::el8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform:2.5::el8
cpe:/a:redhat:ansible_automation_platform:2.5::el9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform:2.5::el9
cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
cpe:/a:redhat:ansible_core:2::el8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_core:2::el8
cpe:/a:redhat:ansible_core:2::el9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_core:2::el9
cpe:/a:redhat:enterprise_linux_ai:1 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux_ai:1
cpe:/o:redhat:enterprise_linux:10 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10
GHSA-99w6-3xph-cx78 https://github.com/advisories/GHSA-99w6-3xph-cx78
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L Found at https://access.redhat.com/errata/RHSA-2024:10770
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-12T14:41:52Z/ Found at https://access.redhat.com/errata/RHSA-2024:10770
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L Found at https://access.redhat.com/errata/RHSA-2024:11145
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-12T14:41:52Z/ Found at https://access.redhat.com/errata/RHSA-2024:11145
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11079.json
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L Found at https://access.redhat.com/security/cve/CVE-2024-11079
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-12T14:41:52Z/ Found at https://access.redhat.com/security/cve/CVE-2024-11079
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L Found at https://bugzilla.redhat.com/show_bug.cgi?id=2325171
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-12T14:41:52Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2325171
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L Found at https://github.com/ansible/ansible
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L Found at https://github.com/ansible/ansible/blob/v2.18.1/changelogs/CHANGELOG-v2.18.rst#security-fixes
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L Found at https://github.com/ansible/ansible/commit/2936b80dbbc7efb889934aeec80f6142c10266ce
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L Found at https://github.com/ansible/ansible/commit/70e83e72b43e05e57eb42a6d52d01a4d9768f510
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L Found at https://github.com/ansible/ansible/commit/98774d15d7748ebaaaf2e83942cc7e8d39f7280e
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L Found at https://github.com/ansible/ansible/pull/84299
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L Found at https://github.com/ansible/ansible/pull/84339
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2024-11079
Exploit Prediction Scoring System (EPSS)
Percentile 0.57752
EPSS Score 0.00365
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:33:46.013099+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-99w6-3xph-cx78/GHSA-99w6-3xph-cx78.json 37.0.0