CVE-2021-3533 - log

CVE-2021-3533 edited at 09 Jun 2021 13:18:03
Description
- ANSIBLE_ASYNC_DIR defaults to ~/.ansible_async/ but is settable by the user. It can be set by the ansible user to a subdirectory of a world writable directory, for instance ANSIBLE_ASYNC_DIR=/tmp/username-ansible-async/. When this occurs, there is a race condition on the managed machine. A malicious, low privileged account on the remote machine can pre-create /tmp/username-ansible-async and then use various attacks to access the async result data.
+ A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory. When this occurs, there is a race condition on the managed machine. A malicious, non-privileged account on the remote machine can exploit the race condition to access the async result data. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2.
CVE-2021-3533 edited at 11 May 2021 09:40:58
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Information disclosure
Description
+ ANSIBLE_ASYNC_DIR defaults to ~/.ansible_async/ but is settable by the user. It can be set by the ansible user to a subdirectory of a world writable directory, for instance ANSIBLE_ASYNC_DIR=/tmp/username-ansible-async/. When this occurs, there is a race condition on the managed machine. A malicious, low privileged account on the remote machine can pre-create /tmp/username-ansible-async and then use various attacks to access the async result data.
References
+ https://bugzilla.redhat.com/show_bug.cgi?id=1956477
Notes
CVE-2021-3533 created at 11 May 2021 09:38:09