CVE-2023-5115

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Published Dec 18, 2023

Updated: Dec 29, 2023

CWE ID 22

Summary

CVE-2023-5115 is a new vulnerability affecting the Ansible automation platform. Attackers can exploit this absolute path traversal issue by crafting a malicious Ansible role. By doing so, they can manipulate the victim into executing the role, potentially overwriting files outside of the extraction path using a symlink. This could lead to unauthorized access or data theft. Users are urged to update their Ansible installations as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Red Hat Ansible Automation Platform
Debian

Affected Vendors

Debian
Red Hat

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/swOT_I
https://www.cve.org/CVERecord?id=CVE-2023-5115
https://nvd.nist.gov/vuln/detail/CVE-2023-5115

Back to Vulnerability Database