CVE-2024-9902 is an authorization vulnerability found in the ansible-core user module affecting versions 0 through 2.18.0b1. The flaw arises because the module allows an unprivileged user to silently create or overwrite any file on any system path and assume ownership of that file when a privileged user executes the user module targeting the unprivileged user's home directory. This occurs if the unprivileged user has directory traversal permissions on the directory containing the target file, enabling them to control the file's contents fully. The vulnerability leverages the interaction between unprivileged user permissions and privileged execution of Ansible tasks, effectively bypassing intended access controls. The CVSS v3.1 score is 6.3 (medium), reflecting the requirement for local access, high attack complexity, low privileges, and user interaction, but with high confidentiality and integrity impacts and low availability impact. No public exploits are known, but the vulnerability could be used for privilege escalation or implanting persistent malicious files. The issue affects environments where Ansible is used for configuration management and automation, particularly where unprivileged users have directory traversal rights and privileged users run Ansible playbooks against their home directories.

For European organizations, this vulnerability poses a significant risk to confidentiality and integrity of critical systems managed via Ansible. Attackers with local access could manipulate configuration files, implant backdoors, or escalate privileges by exploiting the flaw, potentially compromising entire automation workflows. This could lead to unauthorized data access, disruption of automated deployments, or persistent footholds in enterprise environments. Organizations in sectors such as finance, manufacturing, telecommunications, and government, which heavily rely on Ansible for infrastructure automation, are particularly vulnerable. The medium severity rating suggests the vulnerability is exploitable but requires specific conditions, limiting widespread exploitation but still posing a serious threat in targeted attacks. The lack of known exploits currently provides a window for proactive mitigation before active exploitation occurs.

1. Immediately upgrade ansible-core to a patched version beyond 2.18.0b1 once available. 2. Restrict directory traversal permissions for unprivileged users, especially on directories containing sensitive or system-critical files. 3. Avoid running Ansible user module tasks against directories where unprivileged users have write or traversal permissions. 4. Implement strict access controls and monitoring on Ansible playbook executions, ensuring only trusted users can run privileged tasks. 5. Use file integrity monitoring to detect unauthorized changes to critical files potentially targeted by this vulnerability. 6. Conduct regular audits of user permissions and Ansible configurations to identify and remediate risky permission settings. 7. Employ network segmentation and endpoint protection to limit local access opportunities for unprivileged users. 8. Educate system administrators about the risk and signs of exploitation related to this vulnerability.