CVE-2021-3533 log
| Source |
|
| Severity | Medium |
| Remote | No |
| Type | Information disclosure |
| Description | A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory. When this occurs, there is a race condition on the managed machine. A malicious, non-privileged account on the remote machine can exploit the race condition to access the async result data. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-2056 | ansible | 4.0.0-1 | Medium | Not affected |
| References |
|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1956477 |