CVE-2019-3828
Published: 27 March 2019
Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.
Priority
Severity score breakdown
Parameter | Value |
---|---|
Base score | 4.2 |
Attack vector | Local |
Attack complexity | Low |
Privileges required | High |
User interaction | Required |
Scope | Changed |
Confidentiality | Low |
Integrity impact | Low |
Availability impact | None |
Vector | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |