Directory Traversal

2019-02-2102:10:32

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

22.9%

JSON

ansible is vulnerable to directory traversal. A lack of validation in the fetch module allows copying and overwriting of files outside of the specified destination in the local ansible controller host using the ../ characters.

CPENameOperatorVersion
ansiblele2.7.7
ansibleeq2.3.1.0__3.el7
ansibleeq2.5.5__1.el7ae
ansibleeq2.4.2.0__0.el7
ansibleeq2.6.18__1.el7ae
ansibleeq2.4.1.0__1.el7
ansibleeq2.5.15__1.el7ae
ansibleeq2.2.0__0.50.prerelease.el7
ansibleeq2.6.3__1.el7
ansibleeq2.7.7__1.el7ae

Name	Operator	Version
ansible	le	2.7.7
ansible	eq	2.3.1.0__3.el7
ansible	eq	2.5.5__1.el7ae
ansible	eq	2.4.2.0__0.el7
ansible	eq	2.6.18__1.el7ae
ansible	eq	2.4.1.0__1.el7
ansible	eq	2.5.15__1.el7ae
ansible	eq	2.2.0__0.50.prerelease.el7
ansible	eq	2.6.3__1.el7
ansible	eq	2.7.7__1.el7ae