Description
An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When a collection .tar.gz file is extracted, the directory is created without sanitizing the filename. An attacker could take advantage of this to overwrite any file within the system.
References
- Issue Tracking, Mitigation, Vendor Advisory
- Patch, Third Party Advisory
- Issue Tracking, Mitigation, Vendor Advisory
- Patch, Third Party Advisory
Vulnerable configurations
EPSS
CVSS3: 5.2 Medium
CVSS2: 3.6 Low
Defects
Related vulnerabilities