VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-acpr-sfrr-2kbu

Essentials
Severities (46)
References (15)
Severity details (17)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-acpr-sfrr-2kbu
Aliases	CVE-2015-6240 GHSA-wwwh-47wp-m522 PYSEC-2017-3
Summary	The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-59	Improper Link Resolution Before File Access ('Link Following')
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.00029	https://api.first.org/data/v1/epss?cve=CVE-2015-6240
epss	0.00029	https://api.first.org/data/v1/epss?cve=CVE-2015-6240
epss	0.00029	https://api.first.org/data/v1/epss?cve=CVE-2015-6240
epss	0.00029	https://api.first.org/data/v1/epss?cve=CVE-2015-6240
epss	0.00029	https://api.first.org/data/v1/epss?cve=CVE-2015-6240
epss	0.00029	https://api.first.org/data/v1/epss?cve=CVE-2015-6240
epss	0.00029	https://api.first.org/data/v1/epss?cve=CVE-2015-6240
epss	0.00029	https://api.first.org/data/v1/epss?cve=CVE-2015-6240
epss	0.00029	https://api.first.org/data/v1/epss?cve=CVE-2015-6240
epss	0.00029	https://api.first.org/data/v1/epss?cve=CVE-2015-6240
epss	0.00029	https://api.first.org/data/v1/epss?cve=CVE-2015-6240
epss	0.00029	https://api.first.org/data/v1/epss?cve=CVE-2015-6240
epss	0.00029	https://api.first.org/data/v1/epss?cve=CVE-2015-6240
epss	0.00029	https://api.first.org/data/v1/epss?cve=CVE-2015-6240
epss	0.00029	https://api.first.org/data/v1/epss?cve=CVE-2015-6240
epss	0.00029	https://api.first.org/data/v1/epss?cve=CVE-2015-6240
epss	0.00029	https://api.first.org/data/v1/epss?cve=CVE-2015-6240
epss	0.00029	https://api.first.org/data/v1/epss?cve=CVE-2015-6240
epss	0.00029	https://api.first.org/data/v1/epss?cve=CVE-2015-6240
epss	0.00029	https://api.first.org/data/v1/epss?cve=CVE-2015-6240
epss	0.00029	https://api.first.org/data/v1/epss?cve=CVE-2015-6240
epss	0.00029	https://api.first.org/data/v1/epss?cve=CVE-2015-6240
epss	0.00029	https://api.first.org/data/v1/epss?cve=CVE-2015-6240
epss	0.00029	https://api.first.org/data/v1/epss?cve=CVE-2015-6240
epss	0.00029	https://api.first.org/data/v1/epss?cve=CVE-2015-6240
epss	0.00029	https://api.first.org/data/v1/epss?cve=CVE-2015-6240
epss	0.00036	https://api.first.org/data/v1/epss?cve=CVE-2015-6240
epss	0.00036	https://api.first.org/data/v1/epss?cve=CVE-2015-6240
epss	0.00036	https://api.first.org/data/v1/epss?cve=CVE-2015-6240
cvssv3.1	7.8	https://bugzilla.redhat.com/show_bug.cgi?id=1243468
generic_textual	HIGH	https://bugzilla.redhat.com/show_bug.cgi?id=1243468
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-wwwh-47wp-m522
cvssv3.1	7.8	https://github.com/ansible/ansible
generic_textual	HIGH	https://github.com/ansible/ansible
cvssv3.1	7.8	https://github.com/ansible/ansible/commit/952166f48eb0f5797b75b160fd156bbe1e8fc647
generic_textual	HIGH	https://github.com/ansible/ansible/commit/952166f48eb0f5797b75b160fd156bbe1e8fc647
cvssv3.1	7.8	https://github.com/ansible/ansible/commit/ca2f2c4ebd7b5e097eab0a710f79c1f63badf95b
generic_textual	HIGH	https://github.com/ansible/ansible/commit/ca2f2c4ebd7b5e097eab0a710f79c1f63badf95b
cvssv3.1	7.8	https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2017-3.yaml
generic_textual	HIGH	https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2017-3.yaml
cvssv3.1	7.8	https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html
generic_textual	HIGH	https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html
cvssv3.1	7.8	https://nvd.nist.gov/vuln/detail/CVE-2015-6240
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2015-6240
cvssv3.1	7.8	http://www.openwall.com/lists/oss-security/2015/08/17/10
generic_textual	HIGH	http://www.openwall.com/lists/oss-security/2015/08/17/10

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-6240.json
		https://api.first.org/data/v1/epss?cve=CVE-2015-6240
		https://bugzilla.redhat.com/show_bug.cgi?id=1243468
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6240
		https://github.com/ansible/ansible
		https://github.com/ansible/ansible/blob/devel/CHANGELOG.md#192-dancing-in-the-street---jun-26-2015
		https://github.com/ansible/ansible/commit/952166f48eb0f5797b75b160fd156bbe1e8fc647
		https://github.com/ansible/ansible/commit/ca2f2c4ebd7b5e097eab0a710f79c1f63badf95b
		https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2017-3.yaml
		https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html
		https://nvd.nist.gov/vuln/detail/CVE-2015-6240
		http://www.ansible.com/security
		http://www.openwall.com/lists/oss-security/2015/08/17/10
GHSA-wwwh-47wp-m522		https://github.com/advisories/GHSA-wwwh-47wp-m522
USN-7330-1		https://usn.ubuntu.com/7330-1/

No exploits are available.

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=1243468

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/ansible/ansible

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/ansible/ansible/commit/952166f48eb0f5797b75b160fd156bbe1e8fc647

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/ansible/ansible/commit/ca2f2c4ebd7b5e097eab0a710f79c1f63badf95b

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2017-3.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2015-6240

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2015/08/17/10

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.06391
EPSS Score	0.00029
Published At	Aug. 2, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:06:21.227051+00:00	Pypa Importer	Import	https://github.com/pypa/advisory-database/blob/main/vulns/ansible/PYSEC-2017-3.yaml	37.0.0