CVE-2023-5115

Summary

An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path.

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat Ansible Automation Platform 2.3 for RHEL 80:2.14.11-1.el8ap < *unaffected
Red HatRed Hat Ansible Automation Platform 2.3 for RHEL 90:2.14.11-1.el9ap < *unaffected
Red HatRed Hat Ansible Automation Platform 2.4 for RHEL 80:2.15.5-1.el8ap < *unaffected
Red HatRed Hat Ansible Automation Platform 2.4 for RHEL 90:2.15.5-1.el9ap < *unaffected

Weaknesses

  • CWE-36: Absolute Path Traversal

ADP Enrichment

CVE Program Container

Additional References

References