Vulnerability Details CVE-2020-10691
An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7 when running ansible-galaxy collection install. When a collection .tar.gz file is extracted, the directory is created without sanitizing the filename. An attacker could take advantage of this to overwrite any file within the system.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 28.1%
CVSS Severity
CVSS v3 Score 5.2
CVSS v2 Score 3.6
Products affected by CVE-2020-10691
- cpe:2.3:a:redhat:ansible_engine:2.9.0
- cpe:2.3:a:redhat:ansible_engine:2.9.3
- cpe:2.3:a:redhat:ansible_engine:2.9.5
- cpe:2.3:a:redhat:ansible_engine:2.9.6
- cpe:2.3:a:redhat:ansible_tower:3.0