Description
Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.
Packages
| Package | Status | Fix version | Release | Type |
|---|---|---|---|---|
| ansible | fixed | 2.7.7+dfsg-1 | | package |
| ansible | not-affected | | jessie | package |
Notes
https://bugzilla.redhat.com/show_bug.cgi?id=1676689
https://github.com/ansible/ansible/pull/52133
https://github.com/ansible/ansible/pull/68720 (CVE-2020-1735 follow-up)
Introduced in https://github.com/ansible/ansible/commit/bc4272d2a26e47418c7d588208482d05a34a34cd (1.8)
Related vulnerabilities
Vulnerability in the fetch module of the Ansible configuration management system, related to improper limitation of a pathname to a restricted directory, which allows an attacker to gain unauthorized access to information and compromise its integrity