CVE-2021-3583: 
Ansible Tower vulnerability analysis and mitigation

CVE-2021-3583 is a template injection vulnerability discovered in Ansible, where a user's controller becomes vulnerable when using templates in multi-line YAML strings. The vulnerability was disclosed on September 22, 2021, affecting various versions of Ansible across multiple platforms. The issue specifically occurs when facts being handled in templates don't routinely include special template characters (Ubuntu Security, Red Hat Portal).

The vulnerability has a CVSS 3.1 base score of 7.1 (High), with the following metrics: Attack Vector: Local, Attack Complexity: Low, Privileges Required: Low, User Interaction: None, Scope: Unchanged, Confidentiality: High, Integrity: High, Availability: None. The vulnerability vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N (Ubuntu Security).

The vulnerability allows attackers to perform command injection through template injection, which can lead to the disclosure of sensitive information and compromise system integrity. The highest threat from this vulnerability is to confidentiality and integrity, while availability is not affected (Ubuntu Security, Red Hat Portal).

The vulnerability has been fixed in multiple versions across different distributions: Ubuntu 22.04 LTS (2.10.7+merged+base+2.10.8+dfsg-1ubuntu0.1~esm1), Ubuntu 20.04 LTS (2.9.6+dfsg-1ubuntu0.1~esm1), Ubuntu 18.04 LTS (2.5.1+dfsg-1ubuntu0.1+esm1), and Ubuntu 16.04 LTS (2.0.0.2-2ubuntu1.3+esm1). Red Hat has addressed this in Ansible Engine 2.9.23 (Ubuntu Security Notice, Red Hat Portal).