CVE-2019-3828

Published: 27/03/2019 Updated: 12/06/2023
CVSS v2 Base Score: 3.3 | Impact Score: 4.9 | Exploitability Score: 3.4
CVSS v3 Base Score: 4.2 | Impact Score: 2.7 | Exploitability Score: 1.1
VMScore: 294
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Summary

The Ansible fetch module before versions 2.5.15, 2.6.14, and 2.7.8 has a path traversal vulnerability: because it does not restrict an absolute path, files can be copied to, and overwritten at, locations outside the specified destination on the local Ansible controller host.

Vulnerable Product

redhat ansible

Vendor Advisories

Debian Bug report logs - #922537: ansible: CVE-2019-3828. Package: src:ansible; Maintainer for src:ansible is Harlan Lieberman-Berg <hlieberman@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 17 Feb 2019 20:21:01 UTC; Severity: serious; Tags: security, upstream; Found in version ansible/27 ...
Several security issues were fixed in Ansible ...
Synopsis: Moderate: ansible security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for ansible is now available for Ansible Engine 2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, ...
Synopsis: Moderate: ansible security update. Type/Severity: Security Advisory: Moderate. Topic: An update for ansible is now available for Red Hat OpenStack Platform 13.0 (Queens). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) ...
Synopsis: Moderate: ansible security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for ansible is now available for Ansible Engine 2.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score ...
Synopsis: Moderate: ansible security update. Type/Severity: Security Advisory: Moderate. Topic: An update for ansible is now available for Red Hat OpenStack Platform 14.0 (Rocky). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) b ...
Synopsis: Moderate: ansible security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for ansible is now available for Ansible Engine 2.5. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score ...
Several vulnerabilities have been found in Ansible, a configuration management, deployment, and task execution system: CVE-2018-10855 / CVE-2018-16876: The no_log task flag wasn't honored, resulting in an information leak. CVE-2018-10875: ansible.cfg was read from the current working directory. CVE-2018-16837: The user module leaked param ...