An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an malicious user to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redhat ansible_automation_platform 1.2 |
||
redhat ansible_automation_platform 2.3 |
||
redhat ansible_automation_platform 2.4 |
||
redhat ansible_inside 1.1 |
||
redhat ansible_inside 1.2 |
||
redhat ansible_developer 1.0 |
||
redhat ansible_developer 1.1 |
||
debian debian linux 10.0 |