13 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-5189
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of...
Hub: insecure galaxy-importer tarfile extraction
A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten...
Hub: insecure galaxy-importer tarfile extraction
A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten...
Hub: insecure galaxy-importer tarfile extraction
A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten...
galaxy-ng (>=4.2.0 <=4.4.5), pulp-ansible (>=0.2.0 <=0.6.2) potentially affected by CVE-2023-5189 via galaxy-importer (>=0.1.1 <=0.4.0)
galaxy-importer PYPI version =0.1.1, =4.2.0, =0.2.0, =0.6.2 Source cves: CVE-2023-5189 Source advisory: OSV:GHSA-55G2-VM3Q-7W52...
GHSA-55G2-VM3Q-7W52 Ansible galaxy-importer Path Traversal vulnerability
A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten...
Ansible galaxy-importer Path Traversal vulnerability
A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten...
CVE-2023-5189
A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten...
UBUNTU-CVE-2023-5189
A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten...
CVE-2023-5189
Removed by vendor...
Moderate: Red Hat Bug Fix Advisory: Red Hat Ansible Automation Platform 2.4 Container Release Update
An update is now available for Red Hat Ansible Automation Platform 2.4 Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams,...
Red Hat Ansible Automation Security Vulnerability
Red Hat Ansible Automation is a software application from Red Hat, Inc. It provides a means to automate all aspects of an infrastructure, from servers and network devices to operating systems, applications, and security. A security vulnerability exists in Red Hat Ansible Automation Hub, which ste...
PT-2023-5467
Name of the Vulnerable Software and Affected Versions Ansible affected versions not specified Description A path traversal issue exists when Ansible extracts tarballs, allowing an attacker to craft a malicious tarball. This could result in a symlink being dropped on the disk when using the galaxy...