Lucene search
K

6 matches found

Tenable Nessus
Tenable Nessus
added 2024/04/29 12:0 a.m.49 views

RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update (Moderate) (RHSA-2023:7773)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7773 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...

7.8CVSS7.2AI score0.00834EPSS
Exploits1References7
NVD
NVD
added 2023/11/14 11:15 p.m.33 views

CVE-2023-5189

A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten...

6.5CVSS0.00834EPSS
Exploits1References5
CVE
CVE
added 2023/11/14 10:57 p.m.186 views

CVE-2023-5189

CVE-2023-5189 affects Ansible’s galaxy-importer tarball extraction in Ansible Automation Hub. A crafted tarball could trigger path traversal, dropping a symlink and overwriting files. Red Hat advisories note fixes: update to ansible-core 2.15.8 and python3-galaxy-importer (galaxy-importer) 0.4.18...

6.5CVSS6.2AI score0.00834EPSS
Exploits1References5Affected Software2
Cvelist
Cvelist
added 2023/11/14 10:57 p.m.32 views

CVE-2023-5189 Hub: insecure galaxy-importer tarfile extraction

A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten...

6.3CVSS6.5AI score0.00834EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2023/11/14 10:57 p.m.28 views

CVE-2023-5189 Hub: insecure galaxy-importer tarfile extraction

A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten...

6.3CVSS6.6AI score0.00834EPSS
Exploits1References5
Debian CVE
Debian CVE
added 2023/11/14 10:57 p.m.47 views

CVE-2023-5189

Removed by vendor...

6.5CVSS6AI score0.00834EPSS
Exploits1
Rows per page
Query Builder