
win_unzip path traversal with specially crafted archive #67795

Closed
samdoran opened this issue Feb 26, 2020 · 2 comments · Fixed by #67799
Labels: affects_2.10 (affects Ansible v2.10), bug, has_pr (has an associated PR), module, security (related to a vulnerability or CVE), support:community (code supported by the Ansible community), windows

Comments

@samdoran (Contributor) commented Feb 26, 2020

SUMMARY

CVE-2020-1737

A specially crafted zip archive could result in path traversal in the win_unzip module.

The Extract-Zip function doesn't check if the extracted path belongs to the destination folder.

A possible solution is to check the destination path.

ISSUE TYPE
  • Bug Report
COMPONENT NAME

lib/ansible/modules/windows/win_unzip.ps1

ANSIBLE VERSION
2.10
CONFIGURATION
default
OS / ENVIRONMENT
STEPS TO REPRODUCE
EXPECTED RESULTS
ACTUAL RESULTS

@samdoran samdoran self-assigned this Feb 26, 2020
@samdoran samdoran added the security Related to a vulnerability or CVE label Feb 26, 2020
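The two sentences in the report are the whole bug: an entry name such as `../../evil.txt` is joined to the destination and written wherever it resolves. The following is an added example written for this page; it is not code from `win_unzip.ps1` nor the fix from the linked PR. It builds a constructed archive containing one such entry, then extracts it through a function that performs the containment check the report says `Extract-Zip` lacked. The function names `New-TraversalZip` and `Expand-ZipSafely` are assumptions of the example.

```powershell
# Added example: not code from Ansible's win_unzip.ps1 or from its fix PR.
# Builds a constructed archive with a traversing entry name, then extracts it
# with the containment check the issue describes Extract-Zip as lacking.
Add-Type -AssemblyName System.IO.Compression
Add-Type -AssemblyName System.IO.Compression.FileSystem

function New-TraversalZip {
    param([Parameter(Mandatory)][string]$Path)
    # Constructed test data: one benign entry and one whose name climbs above the root.
    $fs = [System.IO.File]::Open($Path, [System.IO.FileMode]::Create)
    try {
        $zip = New-Object System.IO.Compression.ZipArchive($fs, [System.IO.Compression.ZipArchiveMode]::Create)
        try {
            foreach ($name in @('good.txt', '../../evil.txt')) {
                $writer = New-Object System.IO.StreamWriter($zip.CreateEntry($name).Open())
                try { $writer.Write("payload for $name") } finally { $writer.Dispose() }
            }
        } finally { $zip.Dispose() }
    } finally { $fs.Dispose() }
}

function Expand-ZipSafely {
    param(
        [Parameter(Mandatory)][string]$Src,
        [Parameter(Mandatory)][string]$Dest   # pass an absolute path; GetFullPath resolves relative ones against the process CWD
    )
    # Canonical destination with exactly one trailing separator, so that a
    # target under 'C:\dest2\' cannot satisfy a prefix check for 'C:\dest'.
    $destRoot = [System.IO.Path]::GetFullPath($Dest).TrimEnd([char]'\', [char]'/') +
                [System.IO.Path]::DirectorySeparatorChar
    New-Item -ItemType Directory -Path $destRoot -Force | Out-Null

    $extracted = @()
    $skipped   = @()
    $zip = [System.IO.Compression.ZipFile]::OpenRead($Src)
    try {
        foreach ($entry in $zip.Entries) {
            # Combine then GetFullPath: resolves '..' and mixed separators. If the
            # entry name is itself absolute, Combine returns it unchanged and the
            # prefix check below still rejects it.
            $target = [System.IO.Path]::GetFullPath(
                [System.IO.Path]::Combine($destRoot, $entry.FullName))

            # The containment check, done before anything is written. Ordinal and
            # case-insensitive because Windows paths are case-insensitive; use
            # [System.StringComparison]::Ordinal on a case-sensitive filesystem.
            if (-not $target.StartsWith($destRoot, [System.StringComparison]::OrdinalIgnoreCase)) {
                $skipped += $entry.FullName
                Write-Warning "Skipping '$($entry.FullName)': resolves to '$target', outside '$destRoot'"
                continue
            }

            if ($entry.FullName.EndsWith('/')) {
                New-Item -ItemType Directory -Path $target -Force | Out-Null
                continue
            }
            New-Item -ItemType Directory -Path (Split-Path -Path $target -Parent) -Force | Out-Null
            [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $target, $true)
            $extracted += $target
        }
    } finally { $zip.Dispose() }

    [pscustomobject]@{ Extracted = $extracted; Skipped = $skipped }
}

# Usage: the crafted entry resolves two levels above $work\dest and is refused;
# only good.txt lands in the destination.
$work = Join-Path ([System.IO.Path]::GetTempPath()) ("zipslip-" + [guid]::NewGuid().ToString('N'))
New-Item -ItemType Directory -Path $work | Out-Null
$archive = Join-Path $work 'crafted.zip'
New-TraversalZip -Path $archive
Expand-ZipSafely -Src $archive -Dest (Join-Path $work 'dest')
```

The check has to run on the fully resolved target, not on the raw entry name: a name that looks harmless can still escape through `..` segments after a subdirectory, through a backslash separator that Windows honours, or by being absolute. Rejecting the entry before the write is what matters; inspecting the destination after extraction is too late, because the file outside the root already exists.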
@ansibot (Contributor)

ansibot commented Feb 26, 2020

Files identified in the description:

If these files are inaccurate, please update the component name section of the description or use the !component bot command.

@ansibot (Contributor)

ansibot commented Feb 26, 2020

@ansibot ansibot added affects_2.10 This issue/PR affects Ansible v2.10 bug This issue/PR relates to a bug. module This issue/PR relates to a module. support:community This issue/PR relates to code supported by the Ansible community. windows Windows community labels Feb 26, 2020
@samdoran samdoran added the has_pr This issue has an associated PR. label Feb 26, 2020
@ansible ansible locked and limited conversation to collaborators Mar 27, 2020
2 participants