A flaw was found in Ansible. The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the `user` module against the unprivileged user's home directory. If the unprivileged user has traversal permissions on the directory containing the exploited target file, they retain full control over the contents of the file as its owner.
Release Notes
ansible/ansible (ansible-core)
### [`v2.16.13`](https://redirect.github.com/ansible/ansible/releases/tag/v2.16.13)
[Compare Source](https://redirect.github.com/ansible/ansible/compare/v2.16.12...v2.16.13)
### Changelog
See the [full changelog](https://redirect.github.com/ansible/ansible/blob/v2.16.13/changelogs/CHANGELOG-v2.16.rst) for the changes included in this release.
### Release Artifacts
- Built Distribution: [ansible_core-2.16.13-py3-none-any.whl](https://files.pythonhosted.org/packages/a3/04/56026299305edeb0b8aa11263474d20ac41406f7e188f2068d9f8adc3a3a/ansible_core-2.16.13-py3-none-any.whl) - 2253485 bytes
  - 859cd5ac00c5e52a8d63906985691d0fd1b8ed4f0600862a5e360bd1fd5f8f53 (SHA256)
- Source Distribution: [ansible_core-2.16.13.tar.gz](https://files.pythonhosted.org/packages/62/b1/a9d35df37506995d65b6d763fe0c83475797064c56f7341938e9b0e593d9/ansible_core-2.16.13.tar.gz) - 3158231 bytes
  - 45194e11efe3c4c0c9bb0b112b6ddc1ca5028a01be6b41bae593576a8b1127af (SHA256)
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
- [ ] If you want to rebase/retry this PR, check this box
This PR contains the following updates:
ansible-core: `==2.16.12` -> `==2.16.13`
GitHub Vulnerability Alerts
CVE-2024-9902
This PR was generated by Mend Renovate. View the repository job log.