CVE-2024-9902 - Vulnerability Details

A flaw was found in Ansible. The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the `user` module against the unprivileged user's home directory. If the unprivileged user has traversal permissions on the directory containing the exploited target file, they retain full control over the contents of the file as its owner.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Redhat	Ansible Automation Platform Ansible Automation Platform Developer Ansible Automation Platform Inside Openstack

No data.

Package	CPE	Advisory	Released Date
Ansible Automation Platform Execution Environments
ansible-automation-platform/ansible-builder-rhel8:1.2.0-91	cpe:/a:redhat:ansible_automation_platform:ee::el8	RHSA-2024:8969	2024-11-06T00:00:00Z
ansible-automation-platform/ansible-builder-rhel9:3.0.1-95	cpe:/a:redhat:ansible_automation_platform:ee::el8	RHSA-2024:8969	2024-11-06T00:00:00Z
ansible-automation-platform/ee-29-rhel8:2.9.27-32	cpe:/a:redhat:ansible_automation_platform:ee::el8	RHSA-2024:8969	2024-11-06T00:00:00Z
ansible-automation-platform/ee-minimal-rhel8:2.18.0-1	cpe:/a:redhat:ansible_automation_platform:ee::el8	RHSA-2024:8969	2024-11-06T00:00:00Z
ansible-automation-platform/ee-minimal-rhel9:2.17.6-2	cpe:/a:redhat:ansible_automation_platform:ee::el8	RHSA-2024:8969	2024-11-06T00:00:00Z
Red Hat Ansible Automation Platform 2.4 for RHEL 8
ansible-core-1:2.15.13-1.el8ap	cpe:/a:redhat:ansible_automation_platform:2.4::el8	RHSA-2024:10762	2024-12-03T00:00:00Z
Red Hat Ansible Automation Platform 2.4 for RHEL 9
ansible-core-1:2.15.13-1.el9ap	cpe:/a:redhat:ansible_automation_platform:2.4::el9	RHSA-2024:10762	2024-12-03T00:00:00Z
Red Hat Ansible Automation Platform 2.5 for RHEL 8
ansible-core-1:2.16.13-1.el8ap	cpe:/a:redhat:ansible_automation_platform:2.5::el8	RHSA-2024:9894	2024-11-18T00:00:00Z
Red Hat Ansible Automation Platform 2.5 for RHEL 9
ansible-core-1:2.16.13-1.el9ap	cpe:/a:redhat:ansible_automation_platform:2.5::el9	RHSA-2024:9894	2024-11-18T00:00:00Z
Red Hat OpenStack Platform 17.1 for RHEL 9
openstack-ansible-core-0:2.14.2-4.6.el9ost	cpe:/a:redhat:openstack:17.1::el9	RHSA-2025:1861	2025-02-25T00:00:00Z

References

Link	Providers
https://access.redhat.com/errata/RHSA-2024:10762
https://access.redhat.com/errata/RHSA-2024:8969
https://access.redhat.com/errata/RHSA-2024:9894
https://access.redhat.com/errata/RHSA-2025:1861
https://access.redhat.com/security/cve/CVE-2024-9902
https://bugzilla.redhat.com/show_bug.cgi?id=2318271
https://nvd.nist.gov/vuln/detail/CVE-2024-9902
https://www.cve.org/CVERecord?id=CVE-2024-9902

History

Tue, 25 Feb 2025 20:15:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/a:redhat:openstack:17.1~~	cpe:/a:redhat:openstack:17.1::el9
References		https://access.redhat.com/errata/RHSA-2025:1861

Tue, 03 Dec 2024 16:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:ansible_automation_platform:2.4::el8 cpe:/a:redhat:ansible_automation_platform:2.4::el9 cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8 cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9 cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8 cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
References		https://access.redhat.com/errata/RHSA-2024:10762

Sun, 24 Nov 2024 23:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat ansible Automation Platform Developer Redhat ansible Automation Platform Inside
CPEs	~~cpe:/a:redhat:ansible_automation_platform:2~~	cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8 cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9 cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8 cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
Vendors & Products		Redhat ansible Automation Platform Developer Redhat ansible Automation Platform Inside
References		https://access.redhat.com/errata/RHSA-2024:9894

Fri, 22 Nov 2024 15:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:ansible_automation_platform:2.5::el8 cpe:/a:redhat:ansible_automation_platform:2.5::el9

Wed, 06 Nov 2024 20:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:ansible_automation_platform:ee::el8 cpe:/a:redhat:ansible_automation_platform:ee::el9
References		https://access.redhat.com/errata/RHSA-2024:8969

Wed, 06 Nov 2024 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 06 Nov 2024 13:30:00 +0000

Type	Values Removed	Values Added
References		https://nvd.nist.gov/vuln/detail/CVE-2024-9902 https://www.cve.org/CVERecord?id=CVE-2024-9902
Metrics	threat_severity `None`	threat_severity `Moderate`

Wed, 06 Nov 2024 10:00:00 +0000

Type	Values Removed	Values Added
Description		A flaw was found in Ansible. The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the `user` module against the unprivileged user's home directory. If the unprivileged user has traversal permissions on the directory containing the exploited target file, they retain full control over the contents of the file as its owner.
Title		Ansible-core: ansible-core user may read/write unauthorized content
First Time appeared		Redhat Redhat ansible Automation Platform Redhat openstack
Weaknesses		CWE-863
CPEs		cpe:/a:redhat:ansible_automation_platform:2 cpe:/a:redhat:openstack:17.1
Vendors & Products		Redhat Redhat ansible Automation Platform Redhat openstack
References		https://access.redhat.com/security/cve/CVE-2024-9902 https://bugzilla.redhat.com/show_bug.cgi?id=2318271
Metrics		cvssV3_1 `{'score': 6.3, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L'}`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-11-06T09:56:54.505Z

Updated: 2025-02-25T20:05:07.738Z

Reserved: 2024-10-12T02:46:57.580Z

Link: CVE-2024-9902

Vulnrichment

Updated: 2024-11-06T14:21:02.895Z

NVD

Status : Awaiting Analysis

Published: 2024-11-06T10:15:06.200

Modified: 2025-02-25T20:15:36.143

Link: CVE-2024-9902

Redhat

Severity : Moderate

Publid Date: 2024-11-06T06:11:25Z

Links: CVE-2024-9902 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-9902", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2024-10-12T02:46:57.580Z", "datePublished": "2024-11-06T09:56:54.505Z", "dateUpdated": "2025-02-25T20:05:07.738Z"}, "containers": {"cna": {"title": "Ansible-core: ansible-core user may read/write unauthorized content", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in Ansible. The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the `user` module against the unprivileged user's home directory. If the unprivileged user has traversal permissions on the directory containing the exploited target file, they retain full control over the contents of the file as its owner."}], "affected": [{"versions": [{"status": "affected", "version": "0", "lessThan": "2.14.18rc1", "versionType": "custom"}, {"status": "affected", "version": "2.15.0b1", "lessThan": "2.15.13rc1", "versionType": "custom"}, {"status": "affected", "version": "2.16.0b1", "lessThan": "2.16.13rc1", "versionType": "custom"}, {"status": "affected", "version": "2.17.0b1", "lessThan": "2.17.6rc1", "versionType": "custom"}, {"status": "affected", "version": "2.18.0b1", "lessThan": "2.18.0rc2", "versionType": "custom"}], "packageName": "ansible-core", "collectionURL": "https://github.com/ansible/ansible", "defaultStatus": "unaffected"}, {"vendor": "Red Hat", "product": "Ansible Automation Platform Execution Environments", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "ansible-automation-platform/ansible-builder-rhel8", "defaultStatus": "affected", "versions": [{"version": "1.2.0-91", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:ansible_automation_platform:ee::el9", "cpe:/a:redhat:ansible_automation_platform:ee::el8"]}, {"vendor": "Red Hat", "product": "Ansible Automation Platform Execution Environments", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "ansible-automation-platform/ansible-builder-rhel9", "defaultStatus": "affected", "versions": [{"version": "3.0.1-95", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:ansible_automation_platform:ee::el9", "cpe:/a:redhat:ansible_automation_platform:ee::el8"]}, {"vendor": "Red Hat", "product": "Ansible Automation Platform Execution Environments", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "ansible-automation-platform/ee-29-rhel8", "defaultStatus": "affected", "versions": [{"version": "2.9.27-32", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:ansible_automation_platform:ee::el9", "cpe:/a:redhat:ansible_automation_platform:ee::el8"]}, {"vendor": "Red Hat", "product": "Ansible Automation Platform Execution Environments", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "ansible-automation-platform/ee-minimal-rhel8", "defaultStatus": "affected", "versions": [{"version": "2.18.0-1", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:ansible_automation_platform:ee::el9", "cpe:/a:redhat:ansible_automation_platform:ee::el8"]}, {"vendor": "Red Hat", "product": "Ansible Automation Platform Execution Environments", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "ansible-automation-platform/ee-minimal-rhel9", "defaultStatus": "affected", "versions": [{"version": "2.16.13-2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:ansible_automation_platform:ee::el9", "cpe:/a:redhat:ansible_automation_platform:ee::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ansible-core", "defaultStatus": "affected", "versions": [{"version": "1:2.15.13-1.el8ap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8", "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "cpe:/a:redhat:ansible_automation_platform:2.4::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ansible-core", "defaultStatus": "affected", "versions": [{"version": "1:2.15.13-1.el9ap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8", "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "cpe:/a:redhat:ansible_automation_platform:2.4::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ansible-core", "defaultStatus": "affected", "versions": [{"version": "1:2.16.13-1.el8ap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:ansible_automation_platform:2.5::el9", "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ansible-core", "defaultStatus": "affected", "versions": [{"version": "1:2.16.13-1.el9ap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:ansible_automation_platform:2.5::el9", "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 17.1 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openstack-ansible-core", "defaultStatus": "affected", "versions": [{"version": "0:2.14.2-4.6.el9ost", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openstack:17.1::el9"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:10762", "name": "RHSA-2024:10762", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:8969", "name": "RHSA-2024:8969", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:9894", "name": "RHSA-2024:9894", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1861", "name": "RHSA-2025:1861", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-9902", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318271", "name": "RHBZ#2318271", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2024-11-06T06:11:25.611Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "description": "Incorrect Authorization", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-863: Incorrect Authorization", "workarounds": [{"lang": "en", "value": "In the play that uses the user module with the key generation option,\nhave a prior task ensuring the public key does not exist for example:\n\n- name: avoid user exploit (change name depending on other options\nused in user task)\nfile: path=/home/{{username}}/.ssh/id_rsa.pub state=absent"}], "timeline": [{"lang": "en", "time": "2024-10-12T02:41:32.581000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-11-06T06:11:25.611000+00:00", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Matt Clay for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-02-25T20:05:07.738Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-06T14:20:56.915379Z", "id": "CVE-2024-9902", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-06T14:21:06.565Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-9902", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-06T14:20:56.915379Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-06T14:21:02.895Z"}}], "cna": {"title": "Ansible-core: ansible-core user may read/write unauthorized content", "credits": [{"lang": "en", "value": "Red Hat would like to thank Matt Clay for reporting this issue."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"versions": [{"status": "affected", "version": "0", "lessThan": "2.14.18rc1", "versionType": "custom"}, {"status": "affected", "version": "2.15.0b1", "lessThan": "2.15.13rc1", "versionType": "custom"}, {"status": "affected", "version": "2.16.0b1", "lessThan": "2.16.13rc1", "versionType": "custom"}, {"status": "affected", "version": "2.17.0b1", "lessThan": "2.17.6rc1", "versionType": "custom"}, {"status": "affected", "version": "2.18.0b1", "lessThan": "2.18.0rc2", "versionType": "custom"}], "packageName": "ansible-core", "collectionURL": "https://github.com/ansible/ansible", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:ansible_automation_platform:ee::el9", "cpe:/a:redhat:ansible_automation_platform:ee::el8"], "vendor": "Red Hat", "product": "Ansible Automation Platform Execution Environments", "versions": [{"status": "unaffected", "version": "1.2.0-91", "lessThan": "*", "versionType": "rpm"}], "packageName": "ansible-automation-platform/ansible-builder-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:ansible_automation_platform:ee::el9", "cpe:/a:redhat:ansible_automation_platform:ee::el8"], "vendor": "Red Hat", "product": "Ansible Automation Platform Execution Environments", "versions": [{"status": "unaffected", "version": "3.0.1-95", "lessThan": "*", "versionType": "rpm"}], "packageName": "ansible-automation-platform/ansible-builder-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:ansible_automation_platform:ee::el9", "cpe:/a:redhat:ansible_automation_platform:ee::el8"], "vendor": "Red Hat", "product": "Ansible Automation Platform Execution Environments", "versions": [{"status": "unaffected", "version": "2.9.27-32", "lessThan": "*", "versionType": "rpm"}], "packageName": "ansible-automation-platform/ee-29-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:ansible_automation_platform:ee::el9", "cpe:/a:redhat:ansible_automation_platform:ee::el8"], "vendor": "Red Hat", "product": "Ansible Automation Platform Execution Environments", "versions": [{"status": "unaffected", "version": "2.18.0-1", "lessThan": "*", "versionType": "rpm"}], "packageName": "ansible-automation-platform/ee-minimal-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:ansible_automation_platform:ee::el9", "cpe:/a:redhat:ansible_automation_platform:ee::el8"], "vendor": "Red Hat", "product": "Ansible Automation Platform Execution Environments", "versions": [{"status": "unaffected", "version": "2.16.13-2", "lessThan": "*", "versionType": "rpm"}], "packageName": "ansible-automation-platform/ee-minimal-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8", "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "cpe:/a:redhat:ansible_automation_platform:2.4::el8"], "vendor": "Red Hat", "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "versions": [{"status": "unaffected", "version": "1:2.15.13-1.el8ap", "lessThan": "*", "versionType": "rpm"}], "packageName": "ansible-core", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8", "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "cpe:/a:redhat:ansible_automation_platform:2.4::el8"], "vendor": "Red Hat", "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9", "versions": [{"status": "unaffected", "version": "1:2.15.13-1.el9ap", "lessThan": "*", "versionType": "rpm"}], "packageName": "ansible-core", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:ansible_automation_platform:2.5::el9", "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"], "vendor": "Red Hat", "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "versions": [{"status": "unaffected", "version": "1:2.16.13-1.el8ap", "lessThan": "*", "versionType": "rpm"}], "packageName": "ansible-core", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:ansible_automation_platform:2.5::el9", "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"], "vendor": "Red Hat", "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "versions": [{"status": "unaffected", "version": "1:2.16.13-1.el9ap", "lessThan": "*", "versionType": "rpm"}], "packageName": "ansible-core", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:17.1::el9"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 17.1 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:2.14.2-4.6.el9ost", "lessThan": "*", "versionType": "rpm"}], "packageName": "openstack-ansible-core", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2024-10-12T02:41:32.581000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-11-06T06:11:25.611000+00:00", "value": "Made public."}], "datePublic": "2024-11-06T06:11:25.611Z", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:10762", "name": "RHSA-2024:10762", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:8969", "name": "RHSA-2024:8969", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:9894", "name": "RHSA-2024:9894", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1861", "name": "RHSA-2025:1861", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-9902", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318271", "name": "RHBZ#2318271", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "workarounds": [{"lang": "en", "value": "In the play that uses the user module with the key generation option,\nhave a prior task ensuring the public key does not exist for example:\n\n- name: avoid user exploit (change name depending on other options\nused in user task)\nfile: path=/home/{{username}}/.ssh/id_rsa.pub state=absent"}], "descriptions": [{"lang": "en", "value": "A flaw was found in Ansible. The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the `user` module against the unprivileged user's home directory. If the unprivileged user has traversal permissions on the directory containing the exploited target file, they retain full control over the contents of the file as its owner."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "Incorrect Authorization"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-02-25T20:05:07.738Z"}, "x_redhatCweChain": "CWE-863: Incorrect Authorization"}}, "cveMetadata": {"cveId": "CVE-2024-9902", "state": "PUBLISHED", "dateUpdated": "2025-02-25T20:05:07.738Z", "dateReserved": "2024-10-12T02:46:57.580Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2024-11-06T09:56:54.505Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in Ansible. The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the `user` module against the unprivileged user's home directory. If the unprivileged user has traversal permissions on the directory containing the exploited target file, they retain full control over the contents of the file as its owner."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en Ansible. El m\u00f3dulo `user` de ansible-core puede permitir que un usuario sin privilegios cree o reemplace silenciosamente el contenido de cualquier archivo en cualquier ruta del sistema y tome posesi\u00f3n de \u00e9l cuando un usuario privilegiado ejecuta el m\u00f3dulo `user` en el directorio de inicio del usuario sin privilegios. Si el usuario sin privilegios tiene permisos de navegaci\u00f3n en el directorio que contiene el archivo de destino explotado, conserva el control total sobre el contenido del archivo como su propietario."}], "id": "CVE-2024-9902", "lastModified": "2025-02-25T20:15:36.143", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.5, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2024-11-06T10:15:06.200", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:10762"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:8969"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:9894"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:1861"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2024-9902"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318271"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Matt Clay for reporting this issue.", "affected_release": [{"advisory": "RHSA-2024:8969", "cpe": "cpe:/a:redhat:ansible_automation_platform:ee::el8", "package": "ansible-automation-platform/ansible-builder-rhel8:1.2.0-91", "product_name": "Ansible Automation Platform Execution Environments", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2024:8969", "cpe": "cpe:/a:redhat:ansible_automation_platform:ee::el8", "package": "ansible-automation-platform/ansible-builder-rhel9:3.0.1-95", "product_name": "Ansible Automation Platform Execution Environments", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2024:8969", "cpe": "cpe:/a:redhat:ansible_automation_platform:ee::el8", "package": "ansible-automation-platform/ee-29-rhel8:2.9.27-32", "product_name": "Ansible Automation Platform Execution Environments", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2024:8969", "cpe": "cpe:/a:redhat:ansible_automation_platform:ee::el8", "package": "ansible-automation-platform/ee-minimal-rhel8:2.18.0-1", "product_name": "Ansible Automation Platform Execution Environments", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2024:8969", "cpe": "cpe:/a:redhat:ansible_automation_platform:ee::el8", "package": "ansible-automation-platform/ee-minimal-rhel9:2.17.6-2", "product_name": "Ansible Automation Platform Execution Environments", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2024:10762", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "package": "ansible-core-1:2.15.13-1.el8ap", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "release_date": "2024-12-03T00:00:00Z"}, {"advisory": "RHSA-2024:10762", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "package": "ansible-core-1:2.15.13-1.el9ap", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 9", "release_date": "2024-12-03T00:00:00Z"}, {"advisory": "RHSA-2024:9894", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package": "ansible-core-1:2.16.13-1.el8ap", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date": "2024-11-18T00:00:00Z"}, {"advisory": "RHSA-2024:9894", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package": "ansible-core-1:2.16.13-1.el9ap", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date": "2024-11-18T00:00:00Z"}, {"advisory": "RHSA-2025:1861", "cpe": "cpe:/a:redhat:openstack:17.1::el9", "package": "openstack-ansible-core-0:2.14.2-4.6.el9ost", "product_name": "Red Hat OpenStack Platform 17.1 for RHEL 9", "release_date": "2025-02-25T00:00:00Z"}], "bugzilla": {"description": "ansible-core: Ansible-core user may read/write unauthorized content", "id": "2318271", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318271"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L", "status": "verified"}, "cwe": "CWE-863", "details": ["A flaw was found in Ansible. The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the `user` module against the unprivileged user's home directory. If the unprivileged user has traversal permissions on the directory containing the exploited target file, they retain full control over the contents of the file as its owner.", "A flaw was found in Ansible. The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the `user` module against the unprivileged user's home directory. If the unprivileged user has traversal permissions on the directory containing the exploited target file, they retain full control over the contents of the file as its owner."], "mitigation": {"lang": "en:us", "value": "In the play that uses the user module with the key generation option,\nhave a prior task ensuring the public key does not exist for example:\n- name: avoid user exploit (change name depending on other options\nused in user task)\nfile: path=/home/{{username}}/.ssh/id_rsa.pub state=absent"}, "name": "CVE-2024-9902", "public_date": "2024-11-06T06:11:25Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-9902\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-9902"], "threat_severity": "Moderate"}

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction Required

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object