17 matches found
ansible-core-2.20-2.20.6-1.1 on GA media (moderate)
ansible-core-2.20-2.20.6-1.1 on GA media Announcement ID: openSUSE-SU-2026:10945-1 Rating: moderate Cross-References: CVE-2023-5115 CVE-2023-5764 CVE-2024-0690 CVE-2024-11079 CVE-2024-8775 CVE-2024-9902 CVSS scores: CVE-2023-5115 SUSE : 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N CVE-2023-57...
Azure Linux 3.0 Security Update: ansible (CVE-2023-5115)
The version of ansible installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-5115 advisory. - An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to...
CBL Mariner 2.0 Security Update: ansible (CVE-2023-5115)
The version of ansible installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-5115 advisory. - An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to...
CVE-2023-5115 affecting package ansible for versions less than 2.14.11-1
CVE-2023-5115 affecting package ansible for versions less than 2.14.11-1. A patched version of the package is available...
Security Bulletin: There are multiple vulnerabilities that can affect IBM Fusion HCI and IBM Fusion HCI for watsonx
Summary Multiple vulnerabilities affecting IBM Fusion HCI and IBM Fusion HCI for watsonx could have resulted in reduced security. These issues have since been resolved. CVE-2023-5115, CVE-2023-5764, CVE-2024-9902, CVE-2024-8775, CVE-2024-11079, CVE-2024-9506, CVE-2024-43799, CVE-2024-6119,...
Debian dla-3695 : ansible - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-3695 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3695-2 [email protected] https://www.debian.org/lts/security/...
RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update (Moderate) (RHSA-2023:5758)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5758 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...
Medium: ansible-core
Issue Overview: The upstream report describes this issue as follows: When installing a maliciously created Ansible role using 'ansible-galaxy role install', arbitrary files the user has access to can be overwritten. The malicious role must contain a symlink with an absolute path to the target fil...
Amazon Linux 2023 : ansible-core, ansible-test (ALAS2023-2024-505)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-505 advisory. The upstream report describes this issue as follows: When installing a maliciously created Ansible role using 'ansible-galaxy role install', arbitrary files the user has access to can be...
CVE-2023-5115
An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path...
CVE-2023-5115
An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path...
CVE-2023-5115
The CVE-2023-5115 issue is an absolute path traversal in the Ansible automation platform, enabling a maliciously crafted Ansible role (via a symlink) to overwrite files outside the intended extraction path. Affected component is Ansible (ansible-core/associated packages), with root cause describe...
CVE-2023-5115 Ansible: malicious role archive can cause ansible-galaxy to overwrite arbitrary files
An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path...
Fedora 39 : ansible-core (2023-389ed7a7e7)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-389ed7a7e7 advisory. Update to 2.16.0b2. Mitigates CVE-2023-5115. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Ness...
Fedora 38 : ansible-core (2023-e5d4a632a5)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-e5d4a632a5 advisory. Update to 2.14.11. Mitigates CVE-2023-5115. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessu...
Fedora 37 : ansible-core (2023-cdc7db366e)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-cdc7db366e advisory. Update to 2.14.11. Mitigates CVE-2023-5115. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessu...
CVE-2023-5115
An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path...