CVE-2023-5115


An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path.


Published: 2023-12-18T14:15:10.500

Last Modified: 2024-12-06T11:15:07.183

Status: Modified

Source: [email protected]

Severity: CVSSv3.1: 6.3 (MEDIUM)

Weaknesses
  • Type: Primary
    CWE-36
  • Type: Secondary
    CWE-22

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | redhat | ansible_automation_platform | 1.2 | Yes |
| Application | redhat | ansible_automation_platform | 2.3 | Yes |
| Application | redhat | ansible_automation_platform | 2.4 | Yes |
| Operating System | redhat | enterprise_linux | 8.0 | No |
| Operating System | redhat | enterprise_linux | 9.0 | No |
| Application | redhat | ansible_inside | 1.1 | Yes |
| Application | redhat | ansible_inside | 1.2 | Yes |
| Operating System | redhat | enterprise_linux | 8.0 | No |
| Operating System | redhat | enterprise_linux | 9.0 | No |
| Application | redhat | ansible_developer | 1.0 | Yes |
| Application | redhat | ansible_developer | 1.1 | Yes |
| Operating System | redhat | enterprise_linux | 8.0 | No |
| Operating System | redhat | enterprise_linux | 9.0 | No |
| Operating System | debian | debian_linux | 10.0 | Yes |

References