An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path.
{ "nvd_published_at": "2023-12-18T14:15:10Z", "cwe_ids": [ "CWE-22", "CWE-36" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-12-29T18:19:35Z" }