Path Traversal

2023-10-1608:45:08

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

path traversal

ansible-core

role.py

installation directory

vulnerability

software

6.5 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

28.8%

JSON

ansible-core is vulnerable to Path Traversal. The vulnerability exists due to the lack of sanitization in the linkname of role.py, which allows an attacker to overwrite files outside of the installation directory.

CPENameOperatorVersion
ansible-coreeq2.16.0b1
ansible-corele2.15.5rc1
ansible-corele2.13.12rc1
ansible-corele2.14.11rc1
ansible-coreeq2.16.0b1
ansible-corele2.15.5rc1
ansible-corele2.13.12rc1
ansible-corele2.14.11rc1

Name	Operator	Version
ansible-core	eq	2.16.0b1
ansible-core	le	2.15.5rc1
ansible-core	le	2.13.12rc1
ansible-core	le	2.14.11rc1
ansible-core	eq	2.16.0b1
ansible-core	le	2.15.5rc1
ansible-core	le	2.13.12rc1
ansible-core	le	2.14.11rc1