PT-2023-5467 · Ansible · Ansible

Mauro Matteo Cascella · Published 2023-09-21 · Updated 2024-12-06 · CVE-2023-5189

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:S/C:P/I:C/A:N

Name of the Vulnerable Software and Affected Versions

Ansible (affected versions not specified)

Description

A path traversal issue exists when Ansible extracts tarballs. An attacker can craft a malicious tarball so that, when it is processed by the galaxy importer of Ansible Automation Hub, a symlink is dropped on disk, leading to files being overwritten. The underlying weakness is improper limitation of a pathname to a restricted directory, which could enable an attacker to overwrite arbitrary files.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
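
As an added illustration (not code from Ansible or from this advisory), the following Python audits a tarball before extraction for the conditions the description names: member paths that leave the destination, links whose targets leave it, and members written through a link dropped earlier in the same archive. The names `audit_tar` and `build_sample`, the destination path and the sample archive are assumptions constructed for the example.

```python
import io
import os
import tarfile

def _inside(base, path):
    """True if path, once normalised, stays under base."""
    base = os.path.realpath(base)
    return os.path.commonpath([base, os.path.realpath(path)]) == base

def audit_tar(fileobj, dest):
    """Return [(member, reason)] for entries that must not be extracted into dest."""
    findings, links = [], set()
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for m in tar:
            name = os.path.normpath(m.name)
            target = os.path.join(dest, name)
            parents = {os.sep.join(name.split(os.sep)[:i]) for i in range(1, name.count(os.sep) + 1)}
            if os.path.isabs(name) or not _inside(dest, target):
                findings.append((m.name, "path escapes destination"))
            elif parents & links:
                findings.append((m.name, "path passes through an archive link"))
            elif m.issym() or m.islnk():
                links.add(name)
                # Symlink targets resolve from the link's own directory,
                # hard link targets from the archive root.
                base = os.path.dirname(target) if m.issym() else dest
                if os.path.isabs(m.linkname) or not _inside(dest, os.path.join(base, m.linkname)):
                    findings.append((m.name, "link target escapes destination"))
            elif not (m.isfile() or m.isdir()):
                findings.append((m.name, "special file type"))
    return findings

def build_sample():
    """Constructed archive: one benign file plus three entries the audit should flag."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        def add(name, type_=tarfile.REGTYPE, linkname="", data=b""):
            info = tarfile.TarInfo(name)
            info.type, info.linkname, info.size = type_, linkname, len(data)
            tar.addfile(info, io.BytesIO(data))
        add("collection/MANIFEST.json", data=b"{}")
        add("collection/../../outside.txt", data=b"x")
        add("collection/docs", tarfile.SYMTYPE, "../../../etc")
        add("collection/docs/passwd", data=b"x")
    buf.seek(0)
    return buf
```

Reject the whole archive when the returned list is non-empty rather than skipping individual members.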

Exploit

Relative Path Traversal

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2023-06098
CVE-2023-5189
GHSA-55G2-VM3Q-7W52
RHSA-2023:7773
RHSA-2024:1536
RHSA-2024:2010

Affected Products

Ansible