Description
-
ANSIBLE_ASYNC_DIR defaults to ~/.ansible_async/ but is settable by the user. It can be set by the ansible user to a subdirectory of a world writable directory, for instance ANSIBLE_ASYNC_DIR=/tmp/username-ansible-async/. When this occurs, there is a race condition on the managed machine. A malicious, low privileged account on the remote machine can pre-create /tmp/username-ansible-async and then use various attacks to access the async result data.
+
A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory. When this occurs, there is a race condition on the managed machine. A malicious, non-privileged account on the remote machine can exploit the race condition to access the async result data. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2.
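A defensive check for the condition described above, as an added example that is not Ansible's own code: before results are written, the directory is created with mode 0700 and rejected if it already existed with another owner, as a symlink, or with group/other access. The function names `async_dir_problem` and `prepare_async_dir` are hypothetical.

```python
import os
import stat


def async_dir_problem(path, uid=None):
    """Return None if `path` is a safe private directory, else a reason string."""
    uid = os.getuid() if uid is None else uid
    parent = os.path.dirname(os.path.abspath(path))
    pmode = os.stat(parent).st_mode
    # Without the sticky bit, any account can rename or replace our entry.
    if pmode & stat.S_IWOTH and not pmode & stat.S_ISVTX:
        return "parent is world-writable without the sticky bit"
    try:
        st = os.lstat(path)  # lstat: never follow a planted symlink
    except FileNotFoundError:
        return "does not exist"
    if not stat.S_ISDIR(st.st_mode):
        return "not a real directory (symlink or other file type)"
    if st.st_uid != uid:
        return "owned by another account (possibly pre-created)"
    if st.st_mode & 0o077:
        return "accessible to group or other"
    return None


def prepare_async_dir(path):
    """Create `path` with mode 0700 if absent, then verify it. Returns `path`."""
    try:
        os.mkdir(path, 0o700)  # fails instead of adopting an existing entry
    except FileExistsError:
        pass  # something was there first: trust it only if the checks pass
    problem = async_dir_problem(path)
    if problem:
        raise PermissionError(f"refusing to use {path}: {problem}")
    return path
```

In a sticky directory such as /tmp the parent check passes, so the ownership and mode checks are what reject a directory that another account created first.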