Miggo Logo

CVE-2020-1735: Path Traversal in Ansible

4.6

CVSS Score
3.1

Basic Information

EPSS Score
0.13631%
Published
4/7/2021
Updated
9/9/2024
KEV Status
No
Technology
TechnologyPython

Technical Details

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
ansiblepip>= 2.7.0a1, < 2.7.182.7.18
ansiblepip>= 2.8.0a1, < 2.8.122.8.12
ansiblepip>= 2.9.0a1, < 2.9.82.9.8

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from how the fetch module handles remote file paths. The code in fetch.py used the 'source' parameter from the remote host's slurp response (remote_source) to build destination paths without proper validation. Attackers could supply malicious paths with directory traversal sequences. The GitHub issue (#67793) and commit diff show the fix involved avoiding slurp return values for destination setup and adding path safety checks, confirming the vulnerable pattern was in the destination path construction logic of the fetch action module.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* *l*w w*s *oun* in t** *nsi*l* *n*in* w**n t** **t** mo*ul* is us**. *n *tt**k*r *oul* int*r**pt t** mo*ul*, inj**t * n*w p*t*, *n* t**n **oos* * n*w **stin*tion p*t* on t** *ontroll*r no**. *ll v*rsions in *.*.x, *.*.x *n* *.*.x *r*n***s *r* **li*v

Reasoning

T** vuln*r**ility st*ms *rom *ow t** `**t**` mo*ul* **n*l*s r*mot* *il* p*t*s. T** *o** in `**t**.py` us** t** 'sour**' p*r*m*t*r *rom t** r*mot* *ost's slurp r*spons* (r*mot*_sour**) to *uil* **stin*tion p*t*s wit*out prop*r v*li**tion. *tt**k*rs *o