Moderate severity · NVD Advisory · Published Nov 14, 2023 · Updated Nov 20, 2025

Hub: insecure galaxy-importer tarfile extraction

CVE-2023-5189

Description

A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
galaxy-importer (PyPI) | <= 0.4.16 |

Affected products

4
  • cpe:/a:redhat:ansible_automation_platform:2.4::el8
    Range: 0:0.4.18-1.el9ap
  • Red Hat/Red Hat Satellite 6.14 for RHEL 8v5
    cpe:/a:redhat:satellite:6.14::el8
    Range: 0:0.4.18-2.el8pc
  • Red Hat/Red Hat Satellite 6.15 for RHEL 8v5
    cpe:/a:redhat:satellite_utils:6.15::el8
    Range: 0:0.4.19-2.el8pc
  • ghsa-coords
    Range: <= 0.4.16
