
CVE-2016-3096: Link Following in ansible

CVSS Score (v3.0): 7.8

Basic Information

EPSS Score: 0.26126%
Published: 10/10/2018
Updated: 9/4/2024
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Package Name   Ecosystem   Vulnerable Versions        First Patched Version
ansible        pip         <= 1.9.6.0                 1.9.6.1
ansible        pip         >= 2.0.0.0, <= 2.0.1.0     2.0.2.0

Vulnerability Intelligence
Root Cause Analysis

The vulnerability description explicitly cites the create_script function in the lxc_container module as the source of insecure temporary file handling. The commit diff shows this function was modified to replace static paths with tempfile.mkstemp(), confirming it previously used predictable paths. The CWE-59 (Link Following) mapping and patch message ('do not use predictable filenames') directly implicate this function's original implementation.


WAF Protection Rules

WAF Rule

The `create_script` function in the `lxc_container` module in ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) `/opt/.lxc-attach-script`, (2) the archived cont
