6 matches found
RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update (Moderate) (RHSA-2023:7773)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7773 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...
CVE-2023-5189
A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten...
CVE-2023-5189
CVE-2023-5189 affects Ansible’s galaxy-importer tarball extraction in Ansible Automation Hub. A crafted tarball could trigger path traversal, dropping a symlink and overwriting files. Red Hat advisories note fixes: update to ansible-core 2.15.8 and python3-galaxy-importer (galaxy-importer) 0.4.18...
CVE-2023-5189 Hub: insecure galaxy-importer tarfile extraction
A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten...
CVE-2023-5189 Hub: insecure galaxy-importer tarfile extraction
A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten...
CVE-2023-5189
Removed by vendor...