Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (openstack-ansible-core) security update
A moderate severity vulnerability (CVE-2024-22195) affects Red Hat OpenStack Platform 17. 1 via an HTML attribute injection issue in the xmlattr filter when user input is passed as keys. This vulnerability is addressed in an ansible-core rebuild based on Python 3. 9. Red Hat has released updated packages to fix this issue. No known exploits are reported in the wild.
AI Analysis
Technical Summary
CVE-2024-22195 is an HTML attribute injection vulnerability in the xmlattr filter of ansible-core used in Red Hat OpenStack Platform 17.1. The issue arises when user input is passed as keys to the xmlattr filter, potentially allowing injection of malicious HTML attributes. Red Hat has rebuilt ansible-core based on Python 3.9 to address this vulnerability and released updated packages for Red Hat OpenStack Platform 17.1 and related components.
Potential Impact
The vulnerability could allow injection of malicious HTML attributes when user input is improperly handled by the xmlattr filter, which may lead to security issues related to HTML injection. The advisory rates the impact as moderate. There are no known exploits in the wild at this time.
Mitigation Recommendations
Red Hat has released updated packages for openstack-ansible-core (version 2.14.2-4.3.el9ost) that fix this vulnerability. Users of Red Hat OpenStack Platform 17.1 should apply these updates promptly. Detailed update instructions are available at https://access.redhat.com/articles/11258. Since this is not a cloud service, remediation requires manual patching by the user.
Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (openstack-ansible-core) security update
Description
A moderate severity vulnerability (CVE-2024-22195) affects Red Hat OpenStack Platform 17. 1 via an HTML attribute injection issue in the xmlattr filter when user input is passed as keys. This vulnerability is addressed in an ansible-core rebuild based on Python 3. 9. Red Hat has released updated packages to fix this issue. No known exploits are reported in the wild.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2024-22195 is an HTML attribute injection vulnerability in the xmlattr filter of ansible-core used in Red Hat OpenStack Platform 17.1. The issue arises when user input is passed as keys to the xmlattr filter, potentially allowing injection of malicious HTML attributes. Red Hat has rebuilt ansible-core based on Python 3.9 to address this vulnerability and released updated packages for Red Hat OpenStack Platform 17.1 and related components.
Potential Impact
The vulnerability could allow injection of malicious HTML attributes when user input is improperly handled by the xmlattr filter, which may lead to security issues related to HTML injection. The advisory rates the impact as moderate. There are no known exploits in the wild at this time.
Mitigation Recommendations
Red Hat has released updated packages for openstack-ansible-core (version 2.14.2-4.3.el9ost) that fix this vulnerability. Users of Red Hat OpenStack Platform 17.1 should apply these updates promptly. Detailed update instructions are available at https://access.redhat.com/articles/11258. Since this is not a cloud service, remediation requires manual patching by the user.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2024:2733
- Cve Count
- 1
- Additional Cves
- []
- Cvss Version
- null
Threat ID: 6a1f4ea3e29bf47b500889d0
Added to database: 6/2/2026, 9:44:03 PM
Last enriched: 6/2/2026, 10:29:51 PM
Last updated: 6/3/2026, 5:08:08 AM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.