42 matches found
CVE-2020-1735
CVE-2020-1735 is a vulnerability in the Ansible Engine where the fetch module can be intercepted, enabling an attacker to inject a new path and choose a different destination path on the controller. The issue affects all 2.7.x, 2.8.x and 2.9.x branches. Connected advisories confirm multiple vendo...
CVE-2020-1735
A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable...
CVE-2020-1735
A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable...
PT-2020-6580
Name of the Vulnerable Software and Affected Versions Ansible Engine versions 2.7.x through 2.9.x Description A flaw was found in the Ansible Engine when the fetch module is used, allowing an attacker to intercept the module, inject a new path, and choose a new destination path on the controller...
CVE-2020-1735
A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. Mitigation Currently, there is no mitigation for this issue except avoid using the affected fetch module...
Ansible: path traversal in the fetch module
A path traversal flaw was found in ansible. The fetch module allows copying and overwriting files outside of the specified destination in the local ansible controller host by not restricting an absolute path. The main threat from this vulnerability is to data confidentiality and integrity...
GHSA-74VQ-H4Q8-X6JV Ansible Path Traversal vulnerability
Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path...
CVE-2019-3828
Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path...
CVE-2019-3828
Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path...
Path traversal
Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path...
PYSEC-2019-75
Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path...
PYSEC-2019-5
Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path...
CVE-2019-3828
Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path...
CVE-2019-3828
CVE-2019-3828 affects the Ansible fetch module. The vulnerability exists in affected releases where the fetch module does not restrict absolute paths, enabling path traversal to copy or overwrite files outside the designated destination on the local Ansible controller host. Affected versions are ...
CVE-2019-3828
Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path...
CVE-2019-3828
Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path...
Updated ansible packages fix security vulnerability
The user module leaked parameters passed to ssh-keygen to the process environment CVE-2018-16837. The fetch module was susceptible to path traversal CVE-2019-3828...
MGASA-2019-0114 Updated ansible packages fix security vulnerability
The user module leaked parameters passed to ssh-keygen to the process environment CVE-2018-16837. The fetch module was susceptible to path traversal CVE-2019-3828...
RHEL 7 : ansible (RHSA-2019:0430)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2019:0430 advisory. Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does n...
Ansible: path traversal in the fetch module
A path traversal flaw was found in ansible. The fetch module allows copying and overwriting files outside of the specified destination in the local ansible controller host by not restricting an absolute path. The main threat from this vulnerability is to data confidentiality and integrity...