CVE-2019-3828
Ansible: path traversal in the fetch module
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.
El módulo fetch de Ansible, en versiones anteriores a las 2.5.15, 2.6.14 y 2.7.8, tiene una vulnerabilidad de salto de directorio que permite la copia y la sobrescritura de archivos fuera de la carpeta especificada en el host del controlador local de Ansible mediante la no restricción de una ruta absoluta.
A path traversal flaw was found in ansible. The fetch module allows copying and overwriting files outside of the specified destination in the local ansible controller host by not restricting an absolute path. The main threat from this vulnerability is to data confidentiality and integrity.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-01-03 CVE Reserved
- 2019-02-20 CVE Published
- 2024-03-20 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (11)
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3828 | 2023-06-12 | |
https://github.com/ansible/ansible/pull/52133 | 2023-06-12 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Redhat Search vendor "Redhat" | Ansible Search vendor "Redhat" for product "Ansible" | >= 2.5.0 < 2.5.15 Search vendor "Redhat" for product "Ansible" and version " >= 2.5.0 < 2.5.15" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Ansible Search vendor "Redhat" for product "Ansible" | >= 2.6.0 < 2.6.14 Search vendor "Redhat" for product "Ansible" and version " >= 2.6.0 < 2.6.14" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Ansible Search vendor "Redhat" for product "Ansible" | >= 2.7.0 < 2.7.8 Search vendor "Redhat" for product "Ansible" and version " >= 2.7.0 < 2.7.8" | - |
Affected
|