CVE-2023-5115

MEDIUM Year: 2023
CVSS v3 Score
6.3
Medium
Weakness Type
CWE-36
View all →

Vulnerability Description

An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path.

Related Vulnerabilities

CVE-2021-1617

MEDIUM
CVSS:6.5(Medium)

Multiple vulnerabilities in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to conduct a path traversal or command injection atta...

CWE-362021

CVE-2021-21586

MEDIUM
CVSS:6.5(Medium)

Wyse Management Suite versions 3.2 and earlier contain an absolute path traversal vulnerability. A remote authenticated malicious user could exploit this vulnerability in order to read arbitrary files...

CWE-362021

CVE-2021-30173

MEDIUM
CVSS:6.5(Medium)

Local File Inclusion vulnerability of the omni-directional communication system allows remote authenticated attacker inject absolute path into Url parameter and access arbitrary file.

CWE-362021

CVE-2021-32506

MEDIUM
CVSS:6.5(Medium)

Absolute Path Traversal vulnerability in GetImage in QSAN Storage Manager allows remote authenticated attackers download arbitrary files via the Url path parameter. The referred vulnerability has been...

CWE-362021

CVE-2021-32507

MEDIUM
CVSS:6.5(Medium)

Absolute Path Traversal vulnerability in FileDownload in QSAN Storage Manager allows remote authenticated attackers download arbitrary files via the Url path parameter. The referred vulnerability has ...

CWE-362021

CVE-2022-20791

MEDIUM
CVSS:6.5(Medium)

A vulnerability in the database user privileges of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unifie...

CWE-362022