A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2023:7773 | |
https://access.redhat.com/errata/RHSA-2024:1536 | |
https://access.redhat.com/errata/RHSA-2024:2010 | |
https://access.redhat.com/security/cve/CVE-2023-5189 | Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2234387 | Exploit Issue Tracking Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
25 Apr 2024, 15:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
27 Mar 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
13 Dec 2023, 10:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
21 Nov 2023, 20:05
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-14 23:15
Updated : 2024-04-25 15:16
NVD link : CVE-2023-5189
Mitre link : CVE-2023-5189
CVE.ORG link : CVE-2023-5189
JSON object : View
Products Affected
redhat
- satellite
- ansible_automation_platform
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')