CVE-2023-5115

Description

An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path.

CVSS Metrics

• v3.1•MEDIUM•Score: 6.3CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N

EPSS Trends

Current EPSS score: 0.66%• Percentile: 71%

Techniques & Countermeasures

• CWE-22•Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

  The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

• CWE-36•Absolute Path Traversal

  The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory.

Affected Systems

• debian•debian_linux

  10.0

• PyPI•ansible

  < 8.5.0

• redhat•ansible_automation_platform

  1.2 | 2.3 | 2.4

• redhat•ansible_developer

  1.0 | 1.1

• redhat•ansible_inside

  1.1 | 1.2

References (9)

• https://access.redhat.com/errata/RHSA-2023:5701
• https://access.redhat.com/errata/RHSA-2023:5758
• https://access.redhat.com/security/cve/CVE-2023-5115
• https://bugzilla.redhat.com/show_bug.cgi?id=2233810
• https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html
• https://nvd.nist.gov/vuln/detail/CVE-2023-5115
• https://github.com/ansible/ansible/commit/1e930684bc0a76ec3d094cd326738ad26416541c
• https://github.com/ansible-community/ansible-build-data/blob/16d36538b96c65d9e0e28d89781361b69857ac0e/8/CHANGELOG-v8.rst#L221
• https://github.com/ansible/ansible