Search for vulnerabilities
Vulnerability details: VCID-sxkv-1qnq-vqad
Vulnerability ID VCID-sxkv-1qnq-vqad
Aliases CVE-2023-5764
GHSA-7j69-qfc3-2fq9
Summary A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data.
Status Published
Exploitability 0.5
Weighted Severity 7.0
Risk 3.5
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3.1 6.6 https://access.redhat.com/errata/RHSA-2023:7773
cvssv3.1 7.1 https://access.redhat.com/errata/RHSA-2023:7773
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2023:7773
ssvc Track https://access.redhat.com/errata/RHSA-2023:7773
cvssv3 7.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5764.json
cvssv3.1 6.6 https://access.redhat.com/security/cve/CVE-2023-5764
cvssv3.1 7.1 https://access.redhat.com/security/cve/CVE-2023-5764
generic_textual MODERATE https://access.redhat.com/security/cve/CVE-2023-5764
ssvc Track https://access.redhat.com/security/cve/CVE-2023-5764
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-5764
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-5764
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-5764
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-5764
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-5764
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-5764
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-5764
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-5764
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-5764
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-5764
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-5764
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-5764
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-5764
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-5764
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-5764
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-5764
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-5764
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-5764
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-5764
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-5764
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-5764
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-5764
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-5764
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-5764
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-5764
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-5764
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-5764
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-5764
cvssv3.1 6.6 https://bugzilla.redhat.com/show_bug.cgi?id=2247629
cvssv3.1 7.1 https://bugzilla.redhat.com/show_bug.cgi?id=2247629
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=2247629
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2247629
cvssv3.1 6.6 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-7j69-qfc3-2fq9
cvssv3.1 6.6 https://github.com/ansible/ansible
generic_textual MODERATE https://github.com/ansible/ansible
cvssv3.1 6.6 https://github.com/ansible/ansible/commit/270b39f6ff02511a2199505161218cbd1a5ae34f
generic_textual MODERATE https://github.com/ansible/ansible/commit/270b39f6ff02511a2199505161218cbd1a5ae34f
cvssv3.1 6.6 https://github.com/ansible/ansible/commit/7239d2d371bc6e274cbb7314e01431adce6ae25a
generic_textual MODERATE https://github.com/ansible/ansible/commit/7239d2d371bc6e274cbb7314e01431adce6ae25a
cvssv3.1 6.6 https://github.com/ansible/ansible/commit/fea130480d261ea5bf6fcd5cf19a348f1686ceb1
generic_textual MODERATE https://github.com/ansible/ansible/commit/fea130480d261ea5bf6fcd5cf19a348f1686ceb1
cvssv3.1 6.6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X7Q6CHPVCHMZS5M7V22GOKFSXZAQ24EU
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X7Q6CHPVCHMZS5M7V22GOKFSXZAQ24EU
cvssv3.1 6.6 https://nvd.nist.gov/vuln/detail/CVE-2023-5764
cvssv3.1 7.8 https://nvd.nist.gov/vuln/detail/CVE-2023-5764
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2023-5764
Reference id Reference type URL
https://access.redhat.com/errata/RHSA-2023:7773
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5764.json
https://access.redhat.com/security/cve/CVE-2023-5764
https://api.first.org/data/v1/epss?cve=CVE-2023-5764
https://bugzilla.redhat.com/show_bug.cgi?id=2247629
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5764
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/ansible/ansible
https://github.com/ansible/ansible/commit/270b39f6ff02511a2199505161218cbd1a5ae34f
https://github.com/ansible/ansible/commit/7239d2d371bc6e274cbb7314e01431adce6ae25a
https://github.com/ansible/ansible/commit/fea130480d261ea5bf6fcd5cf19a348f1686ceb1
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X7Q6CHPVCHMZS5M7V22GOKFSXZAQ24EU
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X7Q6CHPVCHMZS5M7V22GOKFSXZAQ24EU/
https://nvd.nist.gov/vuln/detail/CVE-2023-5764
https://security.netapp.com/advisory/ntap-20241025-0001/
1057427 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057427
cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible:2.16.0:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible:2.16.0:-:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible:2.16.0:beta1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible:2.16.0:beta1:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible:2.16.0:beta2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible:2.16.0:beta2:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible:2.16.0:rc1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible:2.16.0:rc1:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:/a:redhat:ansible_automation_platform:2.4::el8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform:2.4::el8
cpe:/a:redhat:ansible_automation_platform:2.4::el9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform:2.4::el9
cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
GHSA-7j69-qfc3-2fq9 https://github.com/advisories/GHSA-7j69-qfc3-2fq9
USN-6846-1 https://usn.ubuntu.com/6846-1/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N Found at https://access.redhat.com/errata/RHSA-2023:7773
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://access.redhat.com/errata/RHSA-2023:7773
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-19T03:55:28Z/ Found at https://access.redhat.com/errata/RHSA-2023:7773
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5764.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N Found at https://access.redhat.com/security/cve/CVE-2023-5764
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://access.redhat.com/security/cve/CVE-2023-5764
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-19T03:55:28Z/ Found at https://access.redhat.com/security/cve/CVE-2023-5764
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=2247629
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=2247629
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-19T03:55:28Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2247629
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N Found at https://github.com/ansible/ansible
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N Found at https://github.com/ansible/ansible/commit/270b39f6ff02511a2199505161218cbd1a5ae34f
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N Found at https://github.com/ansible/ansible/commit/7239d2d371bc6e274cbb7314e01431adce6ae25a
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N Found at https://github.com/ansible/ansible/commit/fea130480d261ea5bf6fcd5cf19a348f1686ceb1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X7Q6CHPVCHMZS5M7V22GOKFSXZAQ24EU
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-5764
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-5764
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.22225
EPSS Score 0.00071
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:36:38.370918+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/6846-1/ 37.0.0