7.8

CVSS Score

3.0

Basic Information

CVE ID

CVE-2016-3096

GHSA ID

GHSA-rh6x-qvg7-rrmj

EPSS Score

0.26126%

CWE

CWE-59

Published

10/10/2018

Updated

9/4/2024

KEV Status

Technology

Python

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2016-3096

CVE-2016-3096: Link Following in ansible

The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory.

(GitHub Advisory)

7.8

CVSS Score

3.0

Basic Information

CVE ID

CVE-2016-3096

GHSA ID

GHSA-rh6x-qvg7-rrmj

EPSS Score

0.26126%

CWE

CWE-59

Published

10/10/2018

Updated

9/4/2024

KEV Status

Technology

Python

Technical Details

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
ansible	pip	<= 1.9.6.0	1.9.6.1
ansible	pip	>= 2.0.0.0, <= 2.0.1.0	2.0.2.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability description explicitly cites the create_script function in the lxc_container module as the source of insecure temporary file handling. The commit diff shows this function was modified to replace static paths with tempfile.mkstemp(), confirming it previously used predictable paths. The CWE-59 (Link Following) mapping and patch message ('do not use predictable filenames') directly implicate this function's original implementation.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

T** `*r**t*_s*ript` *un*tion in t** `lx*_*ont*in*r` mo*ul* in *nsi*l* ***or* *.*.*-* *n* *.x ***or* *.*.*.* *llows lo**l us*rs to writ* to *r*itr*ry *il*s or **in privil***s vi* * symlink *tt**k on (*) `/opt/.lx*-*tt***-s*ript`, (*) t** *r**iv** *ont

Reasoning

T** vuln*r**ility **s*ription *xpli*itly *it*s t** *r**t*_s*ript *un*tion in t** lx*_*ont*in*r mo*ul* *s t** sour** o* ins**ur* t*mpor*ry *il* **n*lin*. T** *ommit *i** s*ows t*is *un*tion w*s mo*i*i** to r*pl*** st*ti* p*t*s wit* t*mp*il*.mkst*mp(),

7.8

Basic Information

Concerned about an active attack path?

CVE-2016-3096: Link Following in ansible

7.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI