Описание
An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file within the system.
An archive traversal flaw was found in Ansible Engine when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file within the system.
Отчет
Ansible Engine 2.9.6 as well as previous 2.9.x versions are affected. Ansible versions less than or equal to 2.8 are not affected by this vulnerability as this functionality was introduced on 2.9. Ansible Tower 3.6.3 as well as previous 3.6.x versions are affected as they use ansible-galaxy collections.
Меры по смягчению последствий
A possible mitigation of archive traversal issue could be done by restricting file access control and directory write accesses for extracting tarball files. This is feasible only for scenarios when the destination path could be known and enforced beforehand.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ceph Storage 2 | ansible | Not affected | ||
| Red Hat Ceph Storage 3 | ansible | Not affected | ||
| Red Hat OpenStack Platform 10 (Newton) | ansible | Not affected | ||
| Red Hat OpenStack Platform 13 (Queens) | ansible | Not affected | ||
| Red Hat Storage 3 | ansible | Not affected | ||
| Red Hat Ansible Engine 2.9 for RHEL 7 | ansible | Fixed | RHSA-2020:1541 | 22.04.2020 |
| Red Hat Ansible Engine 2.9 for RHEL 8 | ansible | Fixed | RHSA-2020:1541 | 22.04.2020 |
| Red Hat Ansible Engine 2 for RHEL 7 | ansible | Fixed | RHSA-2020:1542 | 22.04.2020 |
| Red Hat Ansible Engine 2 for RHEL 8 | ansible | Fixed | RHSA-2020:1542 | 22.04.2020 |
| Red Hat Ansible Tower 3.6 for RHEL 7 | ansible-tower-36/ansible-tower | Fixed | RHBA-2020:1540 | 22.04.2020 |
Показывать по
Дополнительная информация
Статус:
5.2 Medium
CVSS3
Связанные уязвимости
An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file within the system.
An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file within the system.
An archive traversal flaw was found in all ansible-engine versions 2.9 ...
5.2 Medium
CVSS3