AZL-52417 CVE-2024-9902 affecting package ansible for versions less than 2.17.11-1

🗓️ 06 Nov 2024 10:15:06Reported by GoogleType

osv🔗 osv.dev👁 3 Views

A flaw in Ansible where the user module lets an unprivileged user create or replace files and take ownership when run against the unprivileged home directory.

Reporter	Title	Published	Views	Family All 84
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge v5.1.1 is vulnerable to multiple Operator package issues	2 Apr 202517:43	–	ibm
IBM Security Bulletins	Security Bulletin: There are multiple vulnerabilities that can affect IBM Fusion HCI and IBM Fusion HCI for watsonx	31 May 202514:07	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2024-11079)	28 May 202615:37	–	ibm
IBM Security Bulletins	Security Bulletin: There are multiple vulnerabilities that can affect IBM Fusion	31 May 202514:06	–	ibm
Tenable Nessus	Amazon Linux 2023 : ansible-core, ansible-test (ALAS2023-2025-918)	1 Apr 202500:00	–	nessus
Tenable Nessus	Azure Linux 3.0 Security Update: ansible (CVE-2024-9902)	11 Jul 202500:00	–	nessus
Tenable Nessus	Debian dla-3963 : ansible - security update	24 Nov 202400:00	–	nessus
Tenable Nessus	Fedora 44 : ansible / ansible-core (2025-2842f20915)	11 Dec 202500:00	–	nessus
Tenable Nessus	CBL Mariner 2.0 Security Update: ansible (CVE-2024-9902)	11 Jul 202500:00	–	nessus
Tenable Nessus	NewStart CGSL MAIN 7.02 : ansible-core Multiple Vulnerabilities (NS-SA-2025-0114)	25 Jul 202500:00	–	nessus

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-9902

21 Apr 2026 04:33Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.16.3

EPSS0.00222

SSVC