Path Traversal Vulnerability in Ansible Fetch Module

Path Traversal Vulnerability in Ansible Fetch Module

CVE-2019-3828 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.

Learn more about our Web Application Penetration Testing UK.