3 matches found
Astra Linux – Vulnerability in Ansible
A flaw was discovered in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then select a new destination path on the controller node. All versions under 2.7.x, 2.8.x, and 2.9.x branches are believed to be vulnerable...
The vulnerability of the fetch module in the Ansible configuration management system stems from deficiencies in path name restrictions, allowing attackers to access confidential data and compromise its integrity.
The vulnerability of the fetch module in the Ansible configuration system is related to deficiencies in pathname restrictions for directories. Exploiting this vulnerability could allow an attacker to access confidential data and compromise its integrity...
ALPINE-CVE-2019-3828
Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path...