CVE-2015-6240 — Link Following in Redhat Ansible

CWE-59 — Link Following10 documents8 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 84.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Ansible

Timeline

PublishedJun 7

Latest updateMar 5

Description

The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶PyPIredhat/ansible< 1.9.2

▶Debianredhat/ansible< 1.9.2+dfsg-1+3

▶NVDredhat/ansible1.9.1

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

ansible vulnerabilities↗2025-03-05

▶

GHSA

Ansible Sandbox Escape via Symlink Attack↗2022-05-13

▶

OSV

Ansible Sandbox Escape via Symlink Attack↗2022-05-13

▶

CVEList

CVE-2015-6240: The chroot, jail, and zone connection plugins in ansible before 1↗2017-06-07

▶

OSV

CVE-2015-6240: The chroot, jail, and zone connection plugins in ansible before 1↗2017-06-07

▶

📋Vendor Advisories

Ubuntu

Ansible vulnerabilities↗2025-03-05

▶

Red Hat

ansible: multiple issues fixed in 1.9.2↗2015-06-19

▶

Debian

CVE-2015-6240: ansible - The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow loca...↗2015

▶

💬Community

Bugzilla

CVE-2015-6240 CVE-2015-3908 ansible: multiple issues fixed in 1.9.2↗2015-07-15

▶