PT-2023-5467 · Ansible · Ansible

Mauro Matteo Cascella · Published 2023-09-21 · Updated 2024-12-06 · CVE-2023-5189

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:S/C:P/I:C/A:N
Name of the Vulnerable Software and Affected Versions: Ansible (affected versions not specified)

Description: A path traversal issue exists in the way Ansible extracts tarballs. An attacker can craft a malicious tarball so that a symlink is dropped on the disk when the galaxy importer of Ansible Automation Hub is used, leading to files being overwritten. The underlying weakness is improper limitation of a pathname to a restricted directory, which could enable an attacker to overwrite arbitrary files.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Relative Path Traversal

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2023-06098
CVE-2023-5189
GHSA-55G2-VM3Q-7W52
RHSA-2023:7773
RHSA-2024:1536
RHSA-2024:2010

Affected Products

Ansible