Arbitrary File Overwrite

2023-10-0913:55:49

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

arbitrary file overwrite

remote attacks

html injection

script injection

cookie theft

phishing attacks

system control

ansible vulnerability

6.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N

0.001 Low

EPSS

Percentile

29.5%

JSON

ansible is vulnerable to Arbitrary File Overwrite. This vulnerability allows remote attackers to inject arbitrary HTML and script code into the response. This could allow attackers to steal cookies, perform phishing attacks, or take control of vulnerable systems.

CPENameOperatorVersion
ansible:sideq2.9.13+dfsg-1
ansible:bookwormeq2.10.7+merged+base+2.10.8+dfsg-1
ansible:sideq2.9.13+dfsg-1
ansible:bookwormeq2.10.7+merged+base+2.10.8+dfsg-1
ansible:bustereq2.7.7+dfsg-1+deb10u1

Name	Operator	Version
ansible:sid	eq	2.9.13+dfsg-1
ansible:bookworm	eq	2.10.7+merged+base+2.10.8+dfsg-1
ansible:sid	eq	2.9.13+dfsg-1
ansible:bookworm	eq	2.10.7+merged+base+2.10.8+dfsg-1
ansible:buster	eq	2.7.7+dfsg-1+deb10u1