ansible vault

September 14, 2017

THREAT RESEARCH

Vulnerability Spotlight: YAML Parsing Remote Code Execution Vulnerabilities in Ansible Vault and Tablib.

Talos is disclosing the presences of remote code execution vulnerabilities in the processing of Yet Another Markup Language (YAML) content in Ansible Vault and Tablib. Attackers can exploit these vulnerabilities through supplying malicious YAML content to execute arbitrary commands on vulnerable systems. YAML is a data serialisation markup format which is designed to be readable […]