Redhat » Ansible Tower » 3.3 : Security Vulnerabilities, CVEs, (Directory traversal)

cpe:2.3:a:redhat:ansible_tower:3.3:*:*:*:*:*:*:*

CVE-2020-1737

A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal. This issue is fixed in 2.10.
Max CVSS
7.8
EPSS Score
0.05%
Published
2020-03-09
Updated
2020-06-13

CVE-2020-1735

A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.
Max CVSS
4.6
EPSS Score
0.07%
Published
2020-03-16
Updated
2022-04-05
2 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close