First published: Wed Aug 23 2023
An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
pip/ansible | <8.5.0 | 8.5.0 |
All of | ||
Any of | ||
Redhat Ansible Automation Platform | =1.2 | |
Redhat Ansible Automation Platform | =2.3 | |
Redhat Ansible Automation Platform | =2.4 | |
Any of | ||
Redhat Enterprise Linux | =8.0 | |
Redhat Enterprise Linux | =9.0 | |
All of | ||
Any of | ||
Redhat Ansible Inside | =1.1 | |
Redhat Ansible Inside | =1.2 | |
Any of | ||
Redhat Enterprise Linux | =8.0 | |
Redhat Enterprise Linux | =9.0 | |
All of | ||
Any of | ||
Redhat Ansible Developer | =1.0 | |
Redhat Ansible Developer | =1.1 | |
Any of | ||
Redhat Enterprise Linux | =8.0 | |
Redhat Enterprise Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
redhat/ansible | <2.14.11 | 2.14.11 |
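
As an added example (not code from this advisory or from Ansible), here is a pre-extraction check in Python for the symlink overwrite described in the advisory text. It flags archive members with absolute or `..` names, links whose targets leave the extraction directory, and files whose path runs through an archived link. The function names, sample member names and placeholder target are constructed for illustration.

```python
import io
import posixpath
import tarfile


def escapes(path):
    """True if an archive-relative path is absolute or climbs above the root."""
    norm = posixpath.normpath(path)
    return posixpath.isabs(path) or norm == ".." or norm.startswith("../")


def unsafe_members(tar):
    """Return (member name, reason) pairs; reads headers only, extracts nothing."""
    findings, links = [], set()
    for m in tar.getmembers():
        name = posixpath.normpath(m.name)
        # Every directory prefix of the member, e.g. "a" and "a/b" for "a/b/c".
        parents = {name[:i] for i, c in enumerate(name) if c == "/"}
        if escapes(m.name):
            findings.append((m.name, "name leaves extraction path"))
        elif name in links or parents & links:
            # Written through an earlier link, so it lands wherever that points.
            findings.append((m.name, "path passes through archived link"))
        elif m.issym() or m.islnk():
            # Symlink targets resolve from the link's directory, hard links from the root.
            base = posixpath.dirname(name) if m.issym() else ""
            if escapes(posixpath.join(base, m.linkname)):
                findings.append((m.name, "link target leaves extraction path"))
        if m.issym() or m.islnk():
            links.add(name)
    return findings


def build_sample():
    """Constructed role-like archive held in memory; all names are placeholders."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, target in [("role/tasks/main.yml", None),
                             ("role/files/out", "/placeholder/outside"),
                             ("role/files/out/config", None)]:
            info = tarfile.TarInfo(name)  # zero-length entry, no payload needed
            if target:
                info.type, info.linkname = tarfile.SYMTYPE, target
            tar.addfile(info)
    buf.seek(0)
    return tarfile.open(fileobj=buf, mode="r")


if __name__ == "__main__":
    print(unsafe_members(build_sample()))
```

Python's `tarfile` extraction filters (`extractall(path, filter="data")`, where available) enforce comparable rules at extraction time. The check above only inspects headers before anything is written.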