CVE-2015-6240

The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack.

Published : 2017-06-07 20:29 Updated : 2019-09-16 15:15

7.2
CVSS Score More info
Score 7.2 / 10
7.2
Vendor Product Version URI
Redhat Ansible 1.9.1 cpe:/a:redhat:ansible:1.9.1
  1. Redhat (1) Search CVE
    1. Ansible (1) Search CVE
      1. 1.9.1

CWE

ID Name Description Links
CWE-59 Improper Link Resolution Before File Access ('Link Following') The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. CVE

History of changes

Date Event
2019-09-16 15:15
2018-09-18 19:30
2017-06-15 05:27
2017-06-07 20:29

New CVE