VDB
DEBIAN-CVE-2023-5115
DEBIAN-CVE-2023-5115
PUBLISHED
CVSS 6.300000190734863 MEDIUM
An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path.
Risk Scores
CVSS 3.1
6.300000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | ansible-core | 2.14.11-1, 0, 2.14.10-1 |
| Debian:14 | ansible-core | 0, 0, 0 |
| Debian:13 | ansible-core | 0, 0, 0 |
| Debian:12 | ansible | 0, 0, 0 |
| Debian:11 | ansible | 0, 2.10.7+merged+base+2.10.8+dfsg-1, 0 |
| Debian:14 | ansible | 0, 0, 0 |
| Debian:13 | ansible | 0, 0, 0 |
Timeline
- Dec 18, 2023 CVE Published
- Apr 28, 2026 CVE Updated