Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Disallow use of remote home directories containing .. in their path (CVE-2019-3828) #52133

Merged
merged 2 commits into from Feb 13, 2019

Conversation

sivel
Copy link
Member

@sivel sivel commented Feb 12, 2019

SUMMARY

Disallow use of remote home directories containing .. in their path

Resolves CVE-2019-3828

ISSUE TYPE
  • Bugfix Pull Request
COMPONENT NAME

lib/ansible/action/__init__.py

ADDITIONAL INFORMATION

@ansibot ansibot added affects_2.8 This issue/PR affects Ansible v2.8 bug This issue/PR relates to a bug. core_review In order to be merged, this PR must follow the core review workflow. needs_triage Needs a first human triage before being processed. support:community This issue/PR relates to code supported by the Ansible community. support:core This issue/PR relates to code supported by the Ansible Engineering Team. needs_revision This PR fails CI tests or a maintainer has requested a review/revision of the PR. and removed core_review In order to be merged, this PR must follow the core review workflow. needs_revision This PR fails CI tests or a maintainer has requested a review/revision of the PR. labels Feb 12, 2019
@abadger abadger changed the title Disallow use of remote home directories containing .. in their path Disallow use of remote home directories containing .. in their path (CVE-2019-3828) Feb 13, 2019
@abadger
Copy link
Contributor

abadger commented Feb 13, 2019

Looks good to me.

@sivel sivel removed the needs_triage Needs a first human triage before being processed. label Feb 13, 2019
@sivel sivel merged commit b34d141 into ansible:devel Feb 13, 2019
sivel added a commit to sivel/ansible that referenced this pull request Feb 13, 2019
… their path (CVE-2019-3828) (ansible#52133)

* Disallow use of remote home directories containing .. in their path

* Add CVE to changelog
(cherry picked from commit b34d141)

Co-authored-by: Matt Martz <matt@sivel.net>
sivel added a commit to sivel/ansible that referenced this pull request Feb 13, 2019
… their path (CVE-2019-3828) (ansible#52133)

* Disallow use of remote home directories containing .. in their path

* Add CVE to changelog
(cherry picked from commit b34d141)

Co-authored-by: Matt Martz <matt@sivel.net>
sivel added a commit to sivel/ansible that referenced this pull request Feb 13, 2019
… their path (CVE-2019-3828) (ansible#52133)

* Disallow use of remote home directories containing .. in their path

* Add CVE to changelog
(cherry picked from commit b34d141)

Co-authored-by: Matt Martz <matt@sivel.net>
abadger pushed a commit that referenced this pull request Feb 13, 2019
… their path (CVE-2019-3828) (#52133) (#52173)

* Disallow use of remote home directories containing .. in their path

* Add CVE to changelog
(cherry picked from commit b34d141)

Co-authored-by: Matt Martz <matt@sivel.net>
abadger pushed a commit that referenced this pull request Feb 13, 2019
… their path (CVE-2019-3828) (#52133)

* Disallow use of remote home directories containing .. in their path

* Add CVE to changelog
(cherry picked from commit b34d141)

Co-authored-by: Matt Martz <matt@sivel.net>
nitzmahone pushed a commit that referenced this pull request Feb 18, 2019
… their path (CVE-2019-3828) (#52133) (#52175)

* Disallow use of remote home directories containing .. in their path

* Add CVE to changelog
(cherry picked from commit b34d141)

Co-authored-by: Matt Martz <matt@sivel.net>
@ansible ansible locked and limited conversation to collaborators Jul 25, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
affects_2.8 This issue/PR affects Ansible v2.8 bug This issue/PR relates to a bug. core_review In order to be merged, this PR must follow the core review workflow. support:community This issue/PR relates to code supported by the Ansible community. support:core This issue/PR relates to code supported by the Ansible Engineering Team.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

4 participants