Описание
An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file within the system.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | not-affected | 2.9.7+dfsg-1 |
| eoan | ignored | end of life |
| esm-apps/bionic | not-affected | code not present |
| esm-apps/focal | needed | |
| esm-apps/jammy | not-affected | 2.9.7+dfsg-1 |
| esm-apps/noble | not-affected | 2.9.7+dfsg-1 |
| esm-apps/xenial | not-affected | code not present |
| esm-infra-legacy/trusty | not-affected | code not present |
| focal | ignored | end of standard support, was needed |
Показывать по
EPSS
3.6 Low
CVSS2
5.2 Medium
CVSS3
Связанные уязвимости
An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file within the system.
An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file within the system.
An archive traversal flaw was found in all ansible-engine versions 2.9 ...
EPSS
3.6 Low
CVSS2
5.2 Medium
CVSS3