CVE-2024-9902

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Published Nov 6, 2024
CWE ID 863

Summary

CVE-2024-9902 is a vulnerability affecting Ansible's `user` module. This issue allows an unprivileged user to silently create or replace any file on any system path and take ownership of it. This occurs when a privileged user executes the `user` module against the unprivileged user's home directory. If the unprivileged user has traversal permissions on the directory containing the targeted file, they retain full control over the file as its owner, potentially leading to serious security implications.
