CVE-2020-10691

CWE-22 Path Traversal | 11 documents | 7 sources
Severity: 5.2 MEDIUM
EPSS: 0.1% (top 73.08%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 30 | Latest update Apr 20

Description

An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running `ansible-galaxy collection install`. When a collection .tar.gz file is extracted, the directory is created without sanitizing the filename. An attacker could take advantage of this to overwrite any file within the system.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
Exploitability: 2.0 | Impact: 2.7

Affected Packages (5 packages)

NVD | redhat/ansible_engine | 2.9.0 | 2.9.7
PyPI | ansible | 2.9.0a1 | 2.9.7
Debian | ansible | < 2.9.7+dfsg-1+3
CVEListV5 | red_hat/ansible | all ansible-engine versions 2.9.x prior to 2.9.7

Patches

🔴 Vulnerability Details (4)

GHSA: Path Traversal in Ansible (2021-04-20)
OSV: Path Traversal in Ansible (2021-04-20)
CVEList: CVE-2020-10691: An archive traversal flaw was found in all ansible-engine versions 2 (2020-04-30)
OSV: CVE-2020-10691: An archive traversal flaw was found in all ansible-engine versions 2 (2020-04-30)

📋 Vendor Advisories (2)

Red Hat: Ansible: archive traversal vulnerability in ansible-galaxy collection install (2020-03-27)
Debian: CVE-2020-10691: ansible - An archive traversal flaw was found in all ansible-engine versions 2.9.x prior t... (2020)

💬 Community (4)

Bugzilla: CVE-2020-10691 ansible: archive traversal vulnerability in ansible-galaxy collection install [openstack-rdo] (2020-03-30)
Bugzilla: CVE-2020-10691 ansible: archive traversal vulnerability in ansible-galaxy collection install [epel-all] (2020-03-27)
Bugzilla: CVE-2020-10691 ansible: archive traversal vulnerability in ansible-galaxy collection install [fedora-all] (2020-03-27)
Bugzilla: CVE-2020-10691 Ansible: archive traversal vulnerability in ansible-galaxy collection install (2020-03-25)