GHSA-55g2-vm3q-7w52: Ansible galaxy-importer Path Traversal vulnerability

A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten.
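A pre-extraction check for the symlink case described above, added here as an example; it is not galaxy-importer's code or its fix. The function names, the destination path and the sample archive are constructed for illustration.

```python
import io
import os
import tarfile


def find_unsafe_members(tar, dest):
    """Return (name, reason) for entries that could write outside dest."""
    root = os.path.realpath(dest)
    links = set()  # archive-relative paths already declared as symlinks
    findings = []
    def inside(path):
        return os.path.commonpath([root, path]) == root
    for m in tar.getmembers():
        target = os.path.normpath(os.path.join(root, m.name))
        if not inside(target):
            findings.append((m.name, "path escapes extraction root"))
            continue
        parts = os.path.relpath(target, root).split(os.sep)
        # Conservative: an entry stored beneath an earlier symlink entry is written through it.
        if any(os.sep.join(parts[:i]) in links for i in range(1, len(parts))):
            findings.append((m.name, "written through a symlink entry"))
            continue
        if m.issym():
            link_to = os.path.normpath(os.path.join(os.path.dirname(target), m.linkname))
            if not inside(link_to):
                findings.append((m.name, "symlink target escapes extraction root"))
            links.add(os.sep.join(parts))
        elif m.islnk():  # hard-link names are relative to the archive root
            link_to = os.path.normpath(os.path.join(root, m.linkname))
            if not inside(link_to):
                findings.append((m.name, "hard link target escapes extraction root"))
    return findings


def scan_sample(dest="/tmp/extract"):
    # Constructed sample archive, built in memory; nothing is extracted to disk.
    entries = [("collection/MANIFEST.json", tarfile.REGTYPE, ""),
               ("collection/docs", tarfile.SYMTYPE, "../../outside"),
               ("collection/docs/README.md", tarfile.REGTYPE, ""),
               ("../escape.txt", tarfile.REGTYPE, "")]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, kind, link in entries:
            info = tarfile.TarInfo(name)
            info.type, info.linkname = kind, link
            tar.addfile(info)
    buf.seek(0)
    with tarfile.open(fileobj=buf) as tar:
        return find_unsafe_members(tar, dest)
```

On Python versions that support extraction filters (PEP 706), `extractall(dest, filter="data")` applies comparable checks at extraction time.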


Moderate severity • GitHub Reviewed • Published Nov 15, 2023 to the GitHub Advisory Database • Updated Nov 16, 2023

Related news

Red Hat Security Advisory 2024-2010-03

Red Hat Security Advisory 2024-2010-03 - An update is now available for Red Hat Satellite 6.15. The release contains a new version of Satellite and important security fixes for various components. Issues addressed include HTTP request smuggling, CRLF injection, denial of service, file disclosure, and traversal vulnerabilities.

CVE-2023-5189: cve-details

A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten.