PyPi: Ansible-Core

CVE-2023-5115

Safety vulnerability ID: 65511

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Dec 18, 2023 Updated at Sep 24, 2024

Scan your Python projects for vulnerabilities →

Advisory

An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path.

Affected package

ansible-core

Latest version: 2.17.4

Radically simple IT automation

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

MEDIUM 6.3

CVSS v3 Details

MEDIUM 6.3

Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality Impact (C): LOW
Integrity Impact (I): HIGH
Availability Availability (A): NONE