PT-2019-1890 · Red Hat+4 · Ansible+4

Sivel

Publicado

2019-02-12

Atualizado

2026-06-03

CVE-2019-3828

CVSS v3.1

4.2

Média

Vetor

AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Ansible versions prior to 2.5.15 Ansible versions prior to 2.6.14 Ansible versions prior to 2.7.8

Description The issue allows for a path traversal vulnerability, enabling the copying and overwriting of files outside the specified destination on the local Ansible controller host. This is due to the failure to restrict an absolute path. The vulnerability can be exploited by a local attacker to gain unauthorized access to information and compromise its integrity by copying and overwriting files beyond the intended directory.

Recommendations For versions prior to 2.5.15, update to version 2.5.15 or later. For versions prior to 2.6.14, update to version 2.6.14 or later. For versions prior to 2.7.8, update to version 2.7.8 or later.

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

ALT-PU-2019-1750

BDU:2019-01543

CVE-2019-3828

DSA-4396-1

GHSA-74VQ-H4Q8-X6JV

MGASA-2019-0114

OESA-2022-1565

OPENSUSE-SU-2019:1125-1

OPENSUSE-SU-2019:1635-1

OPENSUSE-SU-2019:1858-1

OPENSUSE-SU-2019_1635-1

OPENSUSE-SU-2024:10615-1

OPENSUSE-SU-2024:14244-1

OPENSUSE-SU-2024:14536-1

OPENSUSE-SU-2025:15605-1

OPENSUSE-SU-2025:15753-1

OPENSUSE-SU-2026:10944-1

PYSEC-2019-5

PYSEC-2019-75

RHSA-2019:0430

RHSA-2019:0431

RHSA-2019:0432

RHSA-2019:0433

RHSA-2019:3744

RHSA-2019:3789

SUSE-RU-2020:2072-1

SUSE-RU-2020:2161-1

SUSE-SU-2020:1901-1

SUSE-SU-2020:3309-1

USN-4072-1

Produtos afetados

Alt Linux

Ansible

Ansible-Core

Suse

Ubuntu

PT-2019-1890 · Red Hat+4 · Ansible+4

CVE-2019-3828

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 287