I. Basic Information for CVE-2024-9902
Vulnerability Information

Vulnerability Title
Ansible-core: ansible-core user may read/write unauthorized content
Source: NVD (National Vulnerability Database)
Vulnerability Description
A flaw was found in Ansible. The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the `user` module against the unprivileged user's home directory. If the unprivileged user has traversal permissions on the directory containing the exploited target file, they retain full control over the contents of the file as its owner.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
Incorrect Authorization
Source: NVD (National Vulnerability Database)
Vulnerability Title
Red Hat Ansible Security Vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
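Red Hat Ansible is a computer system configuration manager from the US company Red Hat. The product can be used to deploy, manage, and orchestrate computer systems. Red Hat Ansible contains a security vulnerability that stems from a logic flaw or insufficient security validation in the user module's handling of user permissions and file operations, which allows an unprivileged user to exploit specific operational scenarios to obtain file-operation permissions they should not have.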
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE |
|---|---|---|---|
| Red Hat | Ansible Automation Platform Execution Environments | 3.0.1-96 ~ * | cpe:/a:redhat:ansible_core:2::el9 |
| Red Hat | Ansible Automation Platform Execution Environments | 3.0.1-95 ~ * | cpe:/a:redhat:ansible_core:2::el9 |
| Red Hat | Ansible Automation Platform Execution Environments | 2.9.27-32 ~ * | cpe:/a:redhat:ansible_core:2::el9 |
| Red Hat | Ansible Automation Platform Execution Environments | 2.14.13-21 ~ * | cpe:/a:redhat:ansible_core:2::el9 |
| Red Hat | Ansible Automation Platform Execution Environments | 2.17.6-2 ~ * | cpe:/a:redhat:ansible_core:2::el9 |
| Red Hat | Red Hat Ansible Automation Platform 2.4 for RHEL 8 | 1:2.15.13-1.el8ap ~ * | cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8 |
| Red Hat | Red Hat Ansible Automation Platform 2.4 for RHEL 9 | 1:2.15.13-1.el9ap ~ * | cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8 |
| Red Hat | Red Hat Ansible Automation Platform 2.5 for RHEL 8 | 1:2.16.13-1.el8ap ~ * | cpe:/a:redhat:ansible_automation_platform:2.5::el9 |
| Red Hat | Red Hat Ansible Automation Platform 2.5 for RHEL 9 | 1:2.16.13-1.el9ap ~ * | cpe:/a:redhat:ansible_automation_platform:2.5::el9 |
| Red Hat | Red Hat OpenStack Platform 17.1 for RHEL 9 | 0:2.14.2-4.6.el9ost ~ * | cpe:/a:redhat:openstack:17.1::el9 |
| Red Hat | Red Hat Enterprise Linux 10 | - | cpe:/o:redhat:enterprise_linux:10 |
II. Public POCs for CVE-2024-9902
No public POC found.
