← voltar
CVE-2020-1737

CVE-2020-1737

CVSS 7.5 HIGHEPSS 0.4%CWE-22
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 7.5EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
09 mar 2020Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal. This issue is fixed in 2.10.
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Produtos afetados
Red Hat · Ansible

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →