Proof of concept exploit for a path traversal vulnerability in Ansible's fetch module.
8c4c608182c45d96419302765b9eaa12ca07e339dc23cb5c1ded2218533abe68Red Hat Security Advisory 2019-3789-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include information leakage and traversal vulnerabilities.
5fba3daa955457daa792f7cc77f588da395cd01388ca5032d2a072a9b3d02de4Red Hat Security Advisory 2019-3744-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include information leakage and traversal vulnerabilities.
19dfbe0b0631d6ee801a6300eacdd4c9c6e7fc627fe06a7837c05d5dc559e07fUbuntu Security Notice 4072-1 - It was discovered that Ansible failed to properly handle sensitive information. A local attacker could use those vulnerabilities to extract them. It was discovered that Ansible could load configuration files from the current working directory containing crafted commands. An attacker could run arbitrary code as result. Various other issues were also addressed.
067d7fa1810947a5a71e4e63c60c2cf15d329e2fb5336677d77831ac4b96d497Red Hat Security Advisory 2019-0431-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include a traversal vulnerability.
8f36e85cc59e193fe75cdbbe302b121b8a7d63456b829ae5ccbbc18d0bd92760Red Hat Security Advisory 2019-0430-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include a traversal vulnerability.
115db480d8acd284058dbc2b9f8f19d72753b76ee95bb06cf2139b85a0d858a1Red Hat Security Advisory 2019-0432-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include a traversal vulnerability.
25d262d0929ed26f3c9a8d083b219a9f9378a368566644c5f0b2ada87269adf7Red Hat Security Advisory 2019-0433-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include a traversal vulnerability.
f7e671e88c0039e80d7e4df094f3c1a998198cecc67f85642280355229761570Debian Linux Security Advisory 4396-1 - Several vulnerabilities have been found in Ansible, a configuration management, deployment, and task execution system.
2dde31e5783af9038db0eb1aa458aab47e774751c9f88602e04c74b7ca36d972
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed