Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2020-1737

Опубликовано: 09 мар. 2020
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 4.6
CVSS3: 7.5

Описание

A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal. This issue is fixed in 2.10.

РелизСтатусПримечание
bionic

ignored

end of standard support, was needs-triage
devel

not-affected

2.9.7+dfsg-1
eoan

ignored

end of life
esm-apps/bionic

needs-triage

esm-apps/focal

needs-triage

esm-apps/jammy

not-affected

2.9.7+dfsg-1
esm-apps/noble

not-affected

2.9.7+dfsg-1
esm-apps/xenial

needs-triage

esm-infra-legacy/trusty

needs-triage

focal

ignored

end of standard support, was needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 31%
0.00119
Низкий

4.6 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2020-1737

CVSS3: 7.5
redhat
почти 6 лет назад

A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal. This issue is fixed in 2.10.

nvd логотип

CVE-2020-1737

CVSS3: 7.5
nvd
почти 6 лет назад

A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal. This issue is fixed in 2.10.

debian логотип

CVE-2020-1737

CVSS3: 7.5
debian
почти 6 лет назад

A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9 ...

github логотип

GHSA-893h-35v4-mxqx

CVSS3: 7.8
github
почти 5 лет назад

Path Traversal in Ansible

fstec логотип

BDU:2020-05681

CVSS3: 7.5
fstec
почти 6 лет назад

Уязвимость модуля win_unzip системы управления конфигурациями Ansible, связанная с неверным ограничением имени пути к каталогу с ограниченным доступом, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

EPSS

Процентиль: 31%
0.00119
Низкий

4.6 Medium

CVSS2

7.5 High

CVSS3