Description

A flaw was found in Ansible. The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the `user` module against the unprivileged user's home directory. If the unprivileged user has traversal permissions on the directory containing the exploited target file, they retain full control over the contents of the file as its owner.

INFO

Published Date :

2024-11-06T09:56:54.505Z

Last Modified :

2025-11-06T23:17:23.106Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2024-9902 vulnerability.

Vendors Products
Redhat
  • Ansible Automation Platform
  • Ansible Automation Platform Developer
  • Ansible Automation Platform Inside
  • Ansible Core
  • Enterprise Linux
  • Openstack
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-9902.

URL Resource
https://access.redhat.com/errata/RHSA-2024:10762 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:8969 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:9894 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:1861 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2024-9902 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2318271 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2024/11/msg00021.html cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-9902 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-9902 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact