Lucene search
+L

13 matches found

Tenable Nessus
Tenable Nessus
added 2020/05/20 12:0 a.m.41 views

Ansible Tower 3.6.x =< 3.6.3 Archive Traversal Arbitrary File Overwrite Vulnerability

The version of Ansible Tower running on the remote web server is 3.6.x equal or prior to 3.6.3. It is, therefore, affected by an archive traversal arbitrary file overwrite vulnerability when extracting tar.gz archives. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

5.2CVSS7.4AI score0.00358EPSS
Exploits0References3
NVD
NVD
added 2020/04/30 5:15 p.m.27 views

CVE-2020-10691

An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file with...

5.2CVSS6AI score0.00358EPSS
Exploits0References2
OSV
OSV
added 2020/04/30 5:15 p.m.5 views

ALPINE-CVE-2020-10691

An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file with...

5.2CVSS6.6AI score0.00358EPSS
Exploits0References1
OSV
OSV
added 2020/04/30 5:15 p.m.25 views

CVE-2020-10691

An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file with...

5.2CVSS5AI score0.00358EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/04/30 4:23 p.m.26 views

CVE-2020-10691

An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file with...

5.2CVSS6AI score0.00358EPSS
Exploits0References2
CVE
CVE
added 2020/04/30 4:23 p.m.194 views

CVE-2020-10691

CVE-2020-10691 affects Ansible Engine: all 2.9.x versions prior to 2.9.7. The vulnerability is an archive traversal in the extraction of a collection .tar.gz during ansible-galaxy collection install, where the target directory is created without sanitizing filenames, allowing an attacker to overw...

5.2CVSS5AI score0.00358EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinux
added 2020/04/30 4:23 p.m.51 views

CVE-2020-10691

An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file with...

5.2CVSS5.3AI score0.00358EPSS
Exploits0
OpenVAS
OpenVAS
added 2020/04/30 12:0 a.m.62 views

Fedora: Security Advisory for ansible (FEDORA-2020-3990f03ba3)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.9CVSS6AI score0.00506EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2020/04/27 12:0 a.m.47 views

Fedora 30 : ansible (2020-1b6ce91e37)

Update to upstream bugfix and security update 2.9.7. See https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELO G-v2.9.rst for a detailed list of changes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system websit...

7.9CVSS6.8AI score0.00506EPSS
Exploits3References10
RedHat Linux
RedHat Linux
added 2020/04/22 2:10 p.m.80 views

Important: Red Hat Security Advisory: Ansible security and bug fix update (2.9.7)

An update for ansible is now available for Ansible Engine 2 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link...

7.9CVSS6.9AI score0.00506EPSS
Exploits3References11
RedHat Linux
RedHat Linux
added 2020/04/22 2:10 p.m.83 views

Important: Red Hat Security Advisory: Ansible security and bug fix update (2.9.7)

An update for ansible is now available for Ansible Engine 2.9 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

7.9CVSS6.9AI score0.00506EPSS
Exploits3References11
Tenable Nessus
Tenable Nessus
added 2020/04/22 12:0 a.m.40 views

RHEL 7 / 8 : Ansible security update (2.9.7) (Important) (RHSA-2020:1541)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1541 advisory. Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over S...

7.9CVSS6.9AI score0.00506EPSS
Exploits3References22
RedhatCVE
RedhatCVE
added 2020/03/27 8:13 a.m.47 views

CVE-2020-10691

An archive traversal flaw was found in Ansible Engine when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file within the system. Mitigation A possibl...

5.2CVSS2.9AI score0.00358EPSS
Exploits0References3
Rows per page
Query Builder