Description
An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path.
Packages
Package | Status | Fixed version | Release | Type |
---|---|---|---|---|
ansible-core | fixed | 2.14.11-1 | | package |
ansible-core | fixed | 2.14.16-0+deb12u1 | bookworm | package |
ansible-core | no-dsa | | bullseye | package |
ansible | fixed | 5.4.0-1 | | package |
ansible | fixed | 2.10.7+merged+base+2.10.17+dfsg-0+deb11u1 | bullseye | package |
Notes
https://bugzilla.redhat.com/show_bug.cgi?id=2233810
https://github.com/ansible/ansible/pull/81780
https://github.com/ansible/ansible/commit/ddf0311c63287e2d5334770377350c1e0cbfff28
ansible-core was split off from src:ansible with 4.6.0-1 in experimental/5.4.0-1 in sid