#VU21766 Path traversal in Ansible - CVE-2019-3828


Vulnerability identifier: #VU21766

Vulnerability risk: High

CVSSv4.0: 8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2019-3828

CWE-ID: CWE-22

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Ansible
Server applications / Remote management servers, RDP, SSH

Vendor: Red Hat Inc.

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker can send a specially crafted HTTP request and copy and overwrite files outside of the specified destination in the local ansible controller host.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Ansible: 2.5.0 - 2.5.14, 2.6.0 - 2.6.13, 2.7.0 - 2.7.7

External links
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3828
https://github.com/ansible/ansible/pull/52133

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


openEuler update for ansible
Red Hat OpenStack Platform 13 update for ansible
Red Hat OpenStack Platform 14 update for ansible
OpenSUSE Linux update for ansible
Path traversal in ansible (Alpine package)
OpenSUSE Linux update for ansible
OpenSUSE Linux update for ansible
OpenSUSE Linux update for ansible
Path traversal in Red Hat Ansible
Ansible Engine 2.6 update for ansible