CVE-2023-5189 Hub: insecure galaxy-importer tarfile extraction

2023-11-1422:57:00

redhat

www.cve.org

cve-2023-5189

ansible

automation hub

tarfile extraction

path traversal

vulnerability

symlink

overwritten files

CVSS3

6.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N

EPSS

0.001

Percentile

23.4%

JSON

A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten.

CNA Affected

[
  {
    "vendor": "Red Hat",
    "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "python3x-galaxy-importer",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:0.4.18-1.el8ap",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
      "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
      "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
      "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
      "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
      "cpe:/a:redhat:ansible_automation_platform:2.4::el9"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "python-galaxy-importer",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:0.4.18-1.el9ap",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
      "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
      "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
      "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
      "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
      "cpe:/a:redhat:ansible_automation_platform:2.4::el9"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Satellite 6.14 for RHEL 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "python-galaxy-importer",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:0.4.18-2.el8pc",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:satellite_utils:6.14::el8",
      "cpe:/a:redhat:satellite_capsule:6.14::el8",
      "cpe:/a:redhat:satellite:6.14::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Satellite 6.14 for RHEL 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "python-galaxy-importer",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:0.4.18-2.el8pc",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:satellite_utils:6.14::el8",
      "cpe:/a:redhat:satellite_capsule:6.14::el8",
      "cpe:/a:redhat:satellite:6.14::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Satellite 6.15 for RHEL 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "python-galaxy-importer",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:0.4.19-2.el8pc",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:satellite_utils:6.15::el8",
      "cpe:/a:redhat:satellite_maintenance:6.15::el8",
      "cpe:/a:redhat:satellite:6.15::el8",
      "cpe:/a:redhat:satellite_capsule:6.15::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Satellite 6.15 for RHEL 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "python-galaxy-importer",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:0.4.19-2.el8pc",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:satellite_utils:6.15::el8",
      "cpe:/a:redhat:satellite_maintenance:6.15::el8",
      "cpe:/a:redhat:satellite:6.15::el8",
      "cpe:/a:redhat:satellite_capsule:6.15::el8"
    ]
  }
]