An archive traversal flaw was found in all ansible-engine versions 2.9.x before 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file within the system.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redhat ansible engine |
||
redhat ansible tower 3.0 |