{"id":"CVE-2024-9902","summary":"Ansible-core: ansible-core user may read/write unauthorized content","details":"A flaw was found in Ansible. The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the `user` module against the unprivileged user's home directory. If the unprivileged user has traversal permissions on the directory containing the exploited target file, they retain full control over the contents of the file as its owner.","aliases":["GHSA-32p4-gm2c-wmch"],"modified":"2026-05-18T05:58:02.081318618Z","published":"2024-11-06T09:56:54.505Z","related":["CGA-2p98-rjfw-gx3x","openSUSE-SU-2024:14498-1","openSUSE-SU-2024:14499-1","openSUSE-SU-2024:14537-1","openSUSE-SU-2025:15638-1","openSUSE-SU-2025:15754-1"],"database_specific":{"cwe_ids":["CWE-863"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/9xxx/CVE-2024-9902.json","cna_assigner":"redhat"},"references":[{"type":"WEB","url":"https://access.redhat.com/downloads/content/package-browser/"},{"type":"WEB","url":"https://catalog.redhat.com/software/containers/"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/11/msg00021.html"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:10762"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:8969"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:9894"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:1861"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2024-9902"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/9xxx/CVE-2024-9902.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-9902"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2318271"},{"type":"PACKAGE","url":"https://github.com/ansible/ansible"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ansible/ansible","events":[{"introduced":"0"},{"fixed":"5082d8aa6f66fe9908f73398f9570c47f4962a6b"},{"introduced":"5a262ab510b565de941241f7ba949eb6b70c8412"},{"fixed":"6ec3e105f98f051069c5e59401a9b15d29c1aab1"},{"introduced":"00ca6b94d0cef44d67f34721160ddbc9a2f9cdaf"},{"fixed":"6d06996ca2a7c1c710bbe5002232c51bbfc0e85f"},{"introduced":"a429bc3e6480efc26a16c4eefc57beedfc7b4159"},{"fixed":"f35d2688742208757f019b1bf2c5c9f37db0811b"},{"introduced":"0061f342d93977d54325e48361196f752c2fa90b"},{"fixed":"00031d2d6f4ab36ccf5cef8e992a3e85b7f545de"}],"database_specific":{"source":"AFFECTED_FIELD","extracted_events":[{"introduced":"0"},{"fixed":"2.14.18rc1"},{"introduced":"2.15.0b1"},{"fixed":"2.15.13rc1"},{"introduced":"2.16.0b1"},{"fixed":"2.16.13rc1"},{"introduced":"2.17.0b1"},{"fixed":"2.17.6rc1"},{"introduced":"2.18.0b1"},{"fixed":"2.18.0rc2"}]}}],"versions":["v2.18.0rc1","v2.16.12","v2.17.5","v2.16.12rc1","v2.17.5rc1","v2.18.0b1","v2.16.11","v2.17.4","v2.16.11rc1","v2.17.4rc1","v2.16.10","v2.17.3","v2.16.10rc1","v2.17.3rc1","v2.16.9","v2.17.2","v2.17.2rc2","v2.16.9rc1","v2.17.2rc1","v2.16.8","v2.17.1","v2.17.1rc1","v2.16.8rc1","v2.17.0","v2.16.7","v2.15.12","v2.14.17","v2.15.12rc1","v2.17.0rc2","v2.16.7rc1","v2.14.17rc1","v2.17.0rc1","v2.15.11","v2.14.16","v2.14.16rc1","v2.15.11rc1","v2.16.6","v2.17.0b1","v2.16.5","v2.15.10","v2.14.15","v2.14.15rc1","v2.16.5rc1","v2.15.10rc1","v2.16.4","v2.16.4rc1","v2.16.3","v2.15.9","v2.14.14","v2.16.3rc1","v2.15.9rc1","v2.14.14rc1","v2.16.2","v2.15.8","v2.14.13","v2.15.7","v2.14.12","v2.16.1","v2.15.7rc1","v2.14.12rc1","v2.16.1rc1","v2.15.6","v2.16.0","v2.15.6rc1","v2.16.0rc1","v2.14.11","v2.15.5","v2.15.5rc1","v2.14.11rc1","v2.16.0b2","v2.16.0b1","v2.14.10","v2.15.4","v2.15.4rc1","v2.14.10rc1","v2.14.9","v2.15.3","v2.15.3rc1","v2.14.9rc1","v2.14.8","v2.15.2","v2.14.8rc1","v2.15.2rc1","v2.15.1","v2.14.7","v2.15.1rc1","v2.14.7rc1","v2.14.6","v2.14.6rc1","v2.15.0","v2.15.0rc2","v2.15.0rc1","v2.14.5","v2.15.0b3","v2.14.5rc1","v2.15.0b2","v2.15.0b1","v2.14.4","v2.14.4rc1","v2.14.3","v2.14.3rc1","v2.14.2","v2.14.2rc1","v2.14.1","v2.14.1rc1","v2.14.0","v2.14.0rc2","v2.14.0rc1","v2.14.0b3","v2.14.0b2","v2.14.0b1","stable-2.11-branchpoint","v2.11.0b4","v2.11.0b3","v2.11.0b2","v2.11.0b1","stable-2.10-branchpoint","pre-ansible-base","stable-2.9-branchpoint","v2.8.0a1","v2.7.0.a1","v2.6.0a1","v2.0.0-0.5.beta3","v2.0.0-0.4.beta2","v2.0.0-0.3.beta1","v2.0.0-0.2.alpha2","v2.0.0-0.1.alpha1","v1.6.0","v1.4.0","v1.2","v1.1","v1.0","0.7","0.3","0.0.1","0.01"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-9902.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L"}]}