{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2019-3828", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-04T19:19:18.580Z", "dateReserved": "2019-01-03T00:00:00", "datePublished": "2019-03-27T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-06-12T00:00:00"}, "descriptions": [{"lang": "en", "value": "Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path."}], "affected": [{"vendor": "Red Hat", "product": "Ansible", "versions": [{"version": "2.5.15", "status": "affected"}, {"version": "2.6.14", "status": "affected"}, {"version": "2.7.8", "status": "affected"}]}], "references": [{"url": "https://github.com/ansible/ansible/pull/52133"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3828"}, {"name": "openSUSE-SU-2019:1125", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html"}, {"name": "openSUSE-SU-2019:1635", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html"}, {"name": "USN-4072-1", "tags": ["vendor-advisory"], "url": "https://usn.ubuntu.com/4072-1/"}, {"name": "openSUSE-SU-2019:1858", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html"}, {"name": "RHSA-2019:3744", "tags": ["vendor-advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3744"}, {"name": "RHSA-2019:3789", "tags": ["vendor-advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3789"}, {"url": "http://packetstormsecurity.com/files/172837/Ansible-Fetch-Path-Traversal.html"}], "metrics": [{"cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-22", "cweId": "CWE-22"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T19:19:18.580Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/ansible/ansible/pull/52133", "tags": ["x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3828", "tags": ["x_transferred"]}, {"name": "openSUSE-SU-2019:1125", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html"}, {"name": "openSUSE-SU-2019:1635", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html"}, {"name": "USN-4072-1", "tags": ["vendor-advisory", "x_transferred"], "url": "https://usn.ubuntu.com/4072-1/"}, {"name": "openSUSE-SU-2019:1858", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html"}, {"name": "RHSA-2019:3744", "tags": ["vendor-advisory", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3744"}, {"name": "RHSA-2019:3789", "tags": ["vendor-advisory", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3789"}, {"url": "http://packetstormsecurity.com/files/172837/Ansible-Fetch-Path-Traversal.html", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "matchCriteriaId": "4D00678C-9643-485D-9B89-86B7C6C7271C", "versionEndExcluding": "2.5.15", "versionStartIncluding": "2.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "matchCriteriaId": "306F9CF3-3321-47FE-8F7E-0D8A4FE9E946", "versionEndExcluding": "2.6.14", "versionStartIncluding": "2.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "matchCriteriaId": "20692032-5F40-4107-8897-C3C46B8B98C3", "versionEndExcluding": "2.7.8", "versionStartIncluding": "2.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path."}, {"lang": "es", "value": "El m\u00f3dulo fetch de Ansible, en versiones anteriores a las 2.5.15, 2.6.14 y 2.7.8, tiene una vulnerabilidad de salto de directorio que permite la copia y la sobrescritura de archivos fuera de la carpeta especificada en el host del controlador local de Ansible mediante la no restricci\u00f3n de una ruta absoluta."}], "id": "CVE-2019-3828", "lastModified": "2024-11-21T04:42:37.820", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 1.1, "impactScore": 2.7, "source": "secalert@redhat.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.1, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-03-27T13:29:01.617", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html"}, {"source": "secalert@redhat.com", "url": "http://packetstormsecurity.com/files/172837/Ansible-Fetch-Path-Traversal.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3744"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3789"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3828"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/ansible/ansible/pull/52133"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4072-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/172837/Ansible-Fetch-Path-Traversal.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3744"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3789"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3828"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/ansible/ansible/pull/52133"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4072-1/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Kevin Backhouse (Semmle Security Research Team) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2019:0432", "cpe": "cpe:/a:redhat:ansible_engine:2.5::el7", "impact": "moderate", "package": "ansible-0:2.5.15-1.el7ae", "product_name": "Red Hat Ansible Engine 2.5 for RHEL 7", "release_date": "2019-02-28T00:00:00Z"}, {"advisory": "RHSA-2019:0433", "cpe": "cpe:/a:redhat:ansible_engine:2.6::el7", "impact": "moderate", "package": "ansible-0:2.6.14-1.el7ae", "product_name": "Red Hat Ansible Engine 2.6 for RHEL 7", "release_date": "2019-02-28T00:00:00Z"}, {"advisory": "RHSA-2019:0431", "cpe": "cpe:/a:redhat:ansible_engine:2.7::el7", "impact": "moderate", "package": "ansible-0:2.7.8-1.el7ae", "product_name": "Red Hat Ansible Engine 2.7 for RHEL 7", "release_date": "2019-02-28T00:00:00Z"}, {"advisory": "RHSA-2019:0430", "cpe": "cpe:/a:redhat:ansible_engine:2::el7", "impact": "moderate", "package": "ansible-0:2.7.8-1.el7ae", "product_name": "Red Hat Ansible Engine 2 for RHEL 7", "release_date": "2019-02-28T00:00:00Z"}, {"advisory": "RHSA-2019:3789", "cpe": "cpe:/a:redhat:openstack:13::el7", "package": "ansible-0:2.6.19-1.el7ae", "product_name": "Red Hat OpenStack Platform 13.0 (Queens)", "release_date": "2019-11-07T00:00:00Z"}, {"advisory": "RHSA-2019:3744", "cpe": "cpe:/a:redhat:openstack:14::el7", "package": "ansible-0:2.6.19-1.el7ae", "product_name": "Red Hat OpenStack Platform 14.0 (Rocky)", "release_date": "2019-11-06T00:00:00Z"}], "bugzilla": {"description": "Ansible: path traversal in the fetch module", "id": "1676689", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1676689"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.2", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "status": "verified"}, "cwe": "CWE-22", "details": ["Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.", "A path traversal flaw was found in ansible. The fetch module allows copying and overwriting files outside of the specified destination in the local ansible controller host by not restricting an absolute path. The main threat from this vulnerability is to data confidentiality and integrity."], "name": "CVE-2019-3828", "package_state": [{"cpe": "cpe:/a:redhat:cloudforms_managementengine:5", "fix_state": "Out of support scope", "package_name": "ansible", "product_name": "CloudForms Management Engine 5"}, {"cpe": "cpe:/a:redhat:ansible_tower:3", "fix_state": "Affected", "package_name": "ansible", "product_name": "Red Hat Ansible Tower 3"}, {"cpe": "cpe:/a:redhat:ceph_storage:2", "fix_state": "Affected", "package_name": "ansible", "product_name": "Red Hat Ceph Storage 2"}, {"cpe": "cpe:/a:redhat:ceph_storage:3", "fix_state": "Affected", "package_name": "ansible", "product_name": "Red Hat Ceph Storage 3"}, {"cpe": "cpe:/a:redhat:openshift:3.2", "fix_state": "Will not fix", "package_name": "ansible", "product_name": "Red Hat OpenShift Container Platform 3.2"}, {"cpe": "cpe:/a:redhat:openshift:3.3", "fix_state": "Will not fix", "package_name": "ansible", "product_name": "Red Hat OpenShift Container Platform 3.3"}, {"cpe": "cpe:/a:redhat:openshift:3.4", "fix_state": "Will not fix", "package_name": "ansible", "product_name": "Red Hat OpenShift Container Platform 3.4"}, {"cpe": "cpe:/a:redhat:openshift:3.5", "fix_state": "Will not fix", "package_name": "ansible", "product_name": "Red Hat OpenShift Container Platform 3.5"}, {"cpe": "cpe:/a:redhat:openshift:3.6", "fix_state": "Will not fix", "package_name": "ansible", "product_name": "Red Hat OpenShift Container Platform 3.6"}, {"cpe": "cpe:/a:redhat:openshift:3.7", "fix_state": "Will not fix", "package_name": "ansible", "product_name": "Red Hat OpenShift Container Platform 3.7"}, {"cpe": "cpe:/a:redhat:openstack:10", "fix_state": "Will not fix", "package_name": "ansible", "product_name": "Red Hat OpenStack Platform 10 (Newton)"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Not affected", "package_name": "ansible", "product_name": "Red Hat Storage 3"}], "public_date": "2019-02-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-3828\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3828\nhttps://github.com/ansible/ansible/pull/52133"], "statement": "Red Hat CloudForms 4.5 and 4.6 are now in Maintenance Support Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat CloudForms Life Cycle: https://access.redhat.com/support/policy/updates/cloudforms/", "threat_severity": "Moderate"}