PT-2019-1890 · Red Hat+4 · Ansible+4

Sivel · Published 2019-02-12 · Updated 2025-11-21 · CVE-2019-3828

CVSS v3.1: 4.2 (Medium)

Vector: AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Ansible versions prior to 2.5.15
Ansible versions prior to 2.6.14
Ansible versions prior to 2.7.8

Description

A path traversal vulnerability allows files to be copied and overwritten outside the specified destination on the local Ansible controller host, because absolute paths are not restricted. A local attacker can exploit it to gain unauthorized access to information and compromise its integrity by copying and overwriting files beyond the intended directory.

Recommendations

For versions prior to 2.5.15, update to version 2.5.15 or later.
For versions prior to 2.6.14, update to version 2.6.14 or later.
For versions prior to 2.7.8, update to version 2.7.8 or later.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

ALT-PU-2019-1750
BDU:2019-01543
CVE-2019-3828
DSA-4396-1
GHSA-74VQ-H4Q8-X6JV
MGASA-2019-0114
OESA-2022-1565
OPENSUSE-SU-2019:1125-1
OPENSUSE-SU-2019:1635-1
OPENSUSE-SU-2019:1858-1
OPENSUSE-SU-2019_1635-1
OPENSUSE-SU-2024:10615-1
OPENSUSE-SU-2024:14244-1
OPENSUSE-SU-2024:14536-1
OPENSUSE-SU-2025:15605-1
OPENSUSE-SU-2025:15753-1
PYSEC-2019-5
PYSEC-2019-75
RHSA-2019:0430
RHSA-2019:0431
RHSA-2019:0432
RHSA-2019:0433
RHSA-2019:3744
RHSA-2019:3789
SUSE-RU-2020:2072-1
SUSE-RU-2020:2161-1
SUSE-SU-2020:1901-1
SUSE-SU-2020:3309-1
USN-4072-1

Affected Products

Alt Linux
Ansible
Ansible-Core
Suse
Ubuntu