CVE-2023-5189
MEDIUMAnsible Automation Platform - Path Traversal via Malicious Tarball Extraction
Title source: llmDescription
A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten.
References (5)
Core 5
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:7773
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:1536
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:2010
Vendor Advisory vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2023-5189
Exploit, Issue Tracking, Vendor Advisory issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2234387
Scores
CVSS v3
6.3
EPSS
0.0083
EPSS Percentile
52.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-22
CWE-23
Status
published
Products (3)
pypi/galaxy-importer
0PyPI
redhat/ansible_automation_platform
2.0
redhat/satellite
6.0
Published
Nov 14, 2023
Tracked Since
Feb 18, 2026