What is CVE-2020-10691?

CVE-2020-10691 is a medium-severity vulnerability in Red Hat Ansible, classified under Path Traversal. CVSS score: 5.2/10. Published 2020-04-30.

How severe is CVE-2020-10691?

Medium severity. CVSS v3 base score is 5.2 out of 10.

Path Traversal in Red Hat Ansible

CVE-2020-10691

An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. A…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.001 (32.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.2 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L.

Affected products

Red Hat Ansible — versions all ansible-engine versions 2.9.x prior to 2.9.7

Weakness classification (CWE)

CWE-22 — Path Traversal

References

bugzilla.redhat.com/show_bug.cgi (x_refsource_CONFIRM)
github.com/ansible/ansible/pull/68596 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2020-10691?: CVE-2020-10691 is a medium-severity vulnerability in Red Hat Ansible, classified under Path Traversal. CVSS score: 5.2/10. Published 2020-04-30.
How severe is CVE-2020-10691?: Medium severity. CVSS v3 base score is 5.2 out of 10.