CVE-2023-5115
published 2023-12-18CVE-2023-5115: An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim…
medium6.3CVSS 3.1
AVNACLPRLUIRSUCLIHAN
An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | ansible | < ansible 5.4.0-1 (bookworm) | ansible 5.4.0-1 (bookworm) |
| debian | ansible-core | < ansible 5.4.0-1 (bookworm) | ansible 5.4.0-1 (bookworm) |
| debian | debian_linux | — | — |
| msrc | azl3_ansible_2.15.3-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_ansible_2.17.0-1_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| msrc | cbl2_ansible_2.14.11-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_ansible_2.14.12-2_on_cbl_mariner_2.0 | — | — |
| redhat | ansible | >= 0 < 2.10.7+merged+base+2.10.17+dfsg-0+deb11u1 | 2.10.7+merged+base+2.10.17+dfsg-0+deb11u1 |
| redhat | ansible | >= 0 < 5.4.0-1 | 5.4.0-1 |
| redhat | ansible | >= 0 < 5.4.0-1 | 5.4.0-1 |
| redhat | ansible | >= 0 < 5.4.0-1 | 5.4.0-1 |
| redhat | ansible | >= 0 < 8.5.0 | 8.5.0 |
| redhat | ansible_automation_platform | — | — |
| redhat | ansible_automation_platform | — | — |
| redhat | ansible_automation_platform | — | — |
| redhat | ansible_developer | — | — |
| redhat | ansible_developer | — | — |
| redhat | ansible_inside | — | — |
| redhat | ansible_inside | — | — |
CVSS provenance
nvdv3.16.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
osv6.3MEDIUM