CVE-2019-3828

Summary

Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.

Affected Software

VendorProductVersion RangeStatus
Red HatAnsible2.5.15affected
Red HatAnsible2.6.14affected
Red HatAnsible2.7.8affected

Weaknesses

  • CWE-22: CWE-22

ADP Enrichment

CVE Program Container

Additional References

References