View at Official debian advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2023-5115 not yet assigned priority: Debian including 2 source packages (ansible, ansible-core), 9 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 9.
An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path.