CVE-2019-3828
path traversal vulnerability in ansible (PyPI)
What is CVE-2019-3828 About?
This path traversal vulnerability in Ansible's fetch module allows an attacker to overwrite local files outside the designated directory on the Ansible controller. The impact is data integrity compromise on the controller. It is relatively easy to exploit if an attacker can control output paths.
Affected Software
- ansible
  - >=2.6.0a1, <2.6.14
  - <2.5.15
  - >=2.7.0a1, <2.7.8
Technical Details
In Ansible versions before the fixed releases, the fetch module fails to properly restrict absolute paths provided as part of file operations. When copying files, if an attacker can manipulate the path provided to the fetch module to include an absolute path or path traversal sequences, the module will write or overwrite a file at the attacker-specified location outside of the intended destination directory on the local Ansible controller host. This bypasses the intended directory restrictions, leading to arbitrary file overwrite.
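The containment check that the paragraph above describes as missing, as an added Python sketch (not Ansible's code and not the upstream patch): `naive_dest` shows the join-without-check pattern and `safe_dest` the hardened form. The function names, `UnsafePathError`, and the sample paths are assumptions made for this illustration.

```python
import os

class UnsafePathError(ValueError):
    """Raised when a destination would land outside the per-host directory."""

def naive_dest(base_dir, host, remote_path):
    # Weak pattern: build the local path from a remote-supplied path with no
    # containment check. os.path.join discards everything before an absolute
    # component, and ".." segments walk back out of base_dir.
    return os.path.normpath(os.path.join(base_dir, host, remote_path))

def safe_dest(base_dir, host, remote_path):
    # The host name must be a single path component.
    if host in ("", ".", "..") or "/" in host or os.sep in host:
        raise UnsafePathError("invalid host component: %r" % host)
    host_root = os.path.join(os.path.realpath(base_dir), host)
    # Treat the remote path as relative so join() cannot reset to the root.
    rel = remote_path.lstrip("/")
    # realpath collapses ".." and resolves symlinks before the comparison.
    candidate = os.path.realpath(os.path.join(host_root, rel))
    inside = os.path.commonpath([host_root, candidate]) == host_root
    if not inside or candidate == host_root:
        raise UnsafePathError("%r escapes %r" % (remote_path, host_root))
    return candidate

if __name__ == "__main__":
    base = "/srv/fetched"  # constructed sample destination directory
    # Constructed sample inputs: absolute path, traversal, benign path.
    for path in ("/etc/cron.d/job", "../../../etc/x", "var/log/syslog"):
        print("naive:", path, "->", naive_dest(base, "web01", path))
        try:
            print("safe: ", path, "->", safe_dest(base, "web01", path))
        except UnsafePathError as exc:
            print("safe:  rejected:", exc)
```

The check compares resolved paths rather than raw strings, so a prefix match such as `/srv/fetched/web01-evil` against `/srv/fetched/web01` does not pass.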
What is the Impact of CVE-2019-3828?
Successful exploitation may allow attackers to compromise data integrity, overwrite critical system files, or potentially achieve remote code execution depending on the overwritten file's nature and location.
What is the Exploitability of CVE-2019-3828?
Exploitation of this vulnerability is of moderate complexity. It requires an attacker to be able to influence the paths used by the Ansible fetch module. While no authentication is explicitly mentioned for the path manipulation itself, the attacker would likely need some level of control over the playbook execution or its input parameters. This is a remote vulnerability as the overwrite occurs on the Ansible controller, potentially triggered by a compromised remote node or malicious input. The primary risk factor is insufficient input validation in the fetch module regarding path specifications.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2019-3828?
Available Upgrade Options
- ansible
  - <2.5.15 → Upgrade to 2.5.15
  - >=2.6.0a1, <2.6.14 → Upgrade to 2.6.14
  - >=2.7.0a1, <2.7.8 → Upgrade to 2.7.8
Additional Resources
- https://access.redhat.com/errata/RHSA-2019:3744
- https://osv.dev/vulnerability/GHSA-74vq-h4q8-x6jv
- https://github.com/ansible/ansible
- http://packetstormsecurity.com/files/172837/Ansible-Fetch-Path-Traversal.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html
- https://github.com/ansible/ansible/commit/4be3215d2f9f84ca283895879f0c6ce1ed7dd333
- https://github.com/ansible/ansible/commit/f3edc091523fbe301926b7a0db25fbbd96940d93
- https://access.redhat.com/errata/RHSA-2019:3789
- https://usn.ubuntu.com/4072-1/
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html
What are Similar Vulnerabilities to CVE-2019-3828?
Similar Vulnerabilities: CVE-2023-50953, CVE-2023-45811, CVE-2023-49089, CVE-2023-48767, CVE-2023-44154
