CVE-2020-10691

Published: 30 April 2020

An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage of this to overwrite any file within the system.

Priority

Medium

CVSS 3 base score: 5.2

Status

Package: ansible (Launchpad, Ubuntu, Debian)

Release    Status
bionic     Needs triage
eoan       Ignored (reached end-of-life)
focal      Needs triage
groovy     Not vulnerable (2.9.7+dfsg-1)
hirsute    Not vulnerable (2.9.7+dfsg-1)
impish     Not vulnerable (2.9.7+dfsg-1)
jammy      Not vulnerable (2.9.7+dfsg-1)
precise    Does not exist
trusty     Needs triage
upstream   Needs triage
xenial     Ignored (end of standard support, was needs-triage)