Описание
An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ansible Automation Platform 1.2 | ansible | Will not fix | ||
| Red Hat Ansible Automation Platform 2.3 for RHEL 8 | ansible-core | Fixed | RHSA-2023:5701 | 16.10.2023 |
| Red Hat Ansible Automation Platform 2.3 for RHEL 9 | ansible-core | Fixed | RHSA-2023:5701 | 16.10.2023 |
| Red Hat Ansible Automation Platform 2.4 for RHEL 8 | ansible-core | Fixed | RHSA-2023:5758 | 16.10.2023 |
| Red Hat Ansible Automation Platform 2.4 for RHEL 9 | ansible-core | Fixed | RHSA-2023:5758 | 16.10.2023 |
Показывать по
Дополнительная информация
Статус:
EPSS
6.3 Medium
CVSS3
Связанные уязвимости
An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path.
An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path.
An absolute path traversal attack exists in the Ansible automation pla ...
EPSS
6.3 Medium
CVSS3