CVE-2020-1737

{"id": "CVE-2020-1737", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 0.8}]}, "published": "2020-03-09T16:15:12.407", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1737", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://github.com/ansible/ansible/issues/67795", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/", "source": "secalert@redhat.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/", "source": "secalert@redhat.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/", "source": "secalert@redhat.com"}, {"url": "https://security.gentoo.org/glsa/202006-11", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}, {"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal. This issue is fixed in 2.10."}, {"lang": "es", "value": "Se detect\u00f3 un fallo en Ansible versiones 2.7.17 y anteriores, versiones 2.8.9 y anteriores, y versiones 2.9.6 y anteriores, cuando se usa la funci\u00f3n Extract-Zip desde el m\u00f3dulo win_unzip ya que los archivos extra\u00eddos no son comprobados si pertenecen a la carpeta de destino. Un atacante podr\u00eda tomar ventaja de este fallo al crear un archivo en cualquier parte del sistema de archivos, utilizando un salto de ruta. Este problema fue corregido en la versi\u00f3n 2.10."}], "lastModified": "2023-11-07T03:19:31.313", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:ansible_engine:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D55D4795-99E8-4097-B704-1CC2BAD67148", "versionEndExcluding": "2.7.17"}, {"criteria": "cpe:2.3:a:redhat:ansible_engine:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4AFE2A90-1844-4D9D-80B3-E60048D81695", "versionEndExcluding": "2.8.9", "versionStartIncluding": "2.8.0"}, {"criteria": "cpe:2.3:a:redhat:ansible_engine:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1561F609-E275-430B-B472-1B84F330FCA7", "versionEndExcluding": "2.9.6", "versionStartIncluding": "2.9.0"}, {"criteria": "cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C3C5721F-050A-42A3-A71D-6C6BA23D58FE", "versionEndIncluding": "3.3.4"}, {"criteria": "cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5C0F920-A505-452D-AFAA-AE6C20FB25EF", "versionEndIncluding": "3.4.5", "versionStartIncluding": "3.4.0"}, {"criteria": "cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F2062F74-68D8-4E75-BC69-6038B519F823", "versionEndIncluding": "3.5.5", "versionStartIncluding": "3.5.0"}, {"criteria": "cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "342D4A63-0972-413B-BD65-0495DBF1CDFB", "versionEndIncluding": "3.6.3", "versionStartIncluding": "3.6.0"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}