Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-jpvw-p8pr-9g2x: Ansible symlink attack vulnerability

An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path.

ghsa
#vulnerability#git

Ansible symlink attack vulnerability

Moderate severity GitHub Reviewed Published Dec 28, 2023 to the GitHub Advisory Database • Updated Dec 29, 2023

Related news

Red Hat Security Advisory 2023-5701-01

Red Hat Security Advisory 2023-5701-01 - An update is now available for Red Hat Ansible Automation Platform 2.3. Issues addressed include a denial of service vulnerability.