A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redhat satellite 6.0 |
||
redhat ansible automation platform 2.0 |