An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path.

Affected Packages

PyPI ansible

Affected versions: 0 (fixed in 8.5.0)

Related CVEs

CVE-2023-5115

Key Information

GHSA ID

GHSA-jpvw-p8pr-9g2x

Published

December 28, 2023 9:30 PM

Last Modified

December 6, 2024 6:06 PM

CVSS Score

5.0 /10

Primary Ecosystem

PyPI

Primary Package

ansible

GitHub Reviewed

✓ Yes

Dataset

Last updated: June 18, 2025 6:25 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.