CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
AI Score
Confidence
Low
EPSS
Percentile
29.4%
ansible-core is vulnerable to Path Traversal. The vulnerability exists due to the lack of sanitization in the linkname
of role.py
, which allows an attacker to overwrite files outside of the installation directory.
access.redhat.com/errata/RHSA-2023:5701
access.redhat.com/errata/RHSA-2023:5758
access.redhat.com/security/cve/CVE-2023-5115
bugzilla.redhat.com/show_bug.cgi?id=2233810
bugzilla.suse.com/show_bug.cgi?id=1215606
github.com/ansible/ansible/commit/1e930684bc0a76ec3d094cd326738ad26416541c
github.com/ansible/ansible/commit/6809f986fc9c75c9e574657a74cef4eb911d9d34
github.com/ansible/ansible/commit/820dae4aff6ac8773bca9f379fe17a889ec13a3b
github.com/ansible/ansible/commit/fffb3c403fe6def8d07e1062c751199ca3b98b7a
lists.debian.org/debian-lts-announce/2023/12/msg00018.html
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
AI Score
Confidence
Low
EPSS
Percentile
29.4%