Arbitrary Command Execution in Ansible-Vault YAML Loading

CVE-2017-2809 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

An exploitable vulnerability exists in the YAML loading functionality of ansible-vault before 1.0.5. A specially crafted vault can execute arbitrary Python commands, resulting in command execution. An attacker can insert Python into the vault to trigger this vulnerability.
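
A defensive check for this class of bug, as an added example that is not code from ansible-vault or from this advisory: it assumes the decrypted vault text is parsed with PyYAML, restricts parsing to `SafeLoader`, and lists any tag that asks for more than plain data without constructing it. The function names and both sample documents are constructed for illustration.

```python
import yaml  # PyYAML (third-party); assumed parser for the decrypted vault text

# Tags SafeLoader can build, plus the two it handles inline ("<<" and "=").
PLAIN_TAGS = {t for t in yaml.SafeLoader.yaml_constructors if t} | {
    "tag:yaml.org,2002:merge", "tag:yaml.org,2002:value"}


class UnsafeVaultContent(ValueError):
    """Decrypted vault text asks for something other than plain data."""


def nonplain_tags(plaintext):
    """List tags outside PLAIN_TAGS by walking the node graph only."""
    found, seen = [], set()
    stack = [yaml.compose(plaintext, Loader=yaml.SafeLoader)]
    while stack:
        node = stack.pop()
        if node is None or id(node) in seen:  # empty document or shared anchor
            continue
        seen.add(id(node))
        if node.tag not in PLAIN_TAGS:
            found.append(node.tag)
        if isinstance(node, yaml.SequenceNode):
            stack.extend(node.value)
        elif isinstance(node, yaml.MappingNode):
            for key, value in node.value:
                stack.extend((key, value))
    return sorted(found)


def load_vault_plaintext(plaintext):
    """Parse with SafeLoader; python/* tags raise instead of resolving."""
    try:
        return yaml.safe_load(plaintext)
    except yaml.constructor.ConstructorError as exc:
        raise UnsafeVaultContent(exc.problem) from exc


# Constructed samples (not real vault contents).
BENIGN = "db_user: app\ndb_port: 5432\n"
TAGGED = "db_user: app\nhook: !!python/name:builtins.len ''\n"

if __name__ == "__main__":
    print(load_vault_plaintext(BENIGN))
    print(nonplain_tags(TAGGED))
```

Running `nonplain_tags` over vault plaintext before upgrading shows whether any existing vault depends on Python-specific tags that a safe loader will refuse.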