CVE-2021-3533

A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory. When this occurs, there is a race condition on the managed machine. A malicious, non-privileged account on the remote machine can exploit the race condition to access the async result data. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2.
References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1956477 Issue Tracking Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:redhat:ansible_tower:3.7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_automation_platform:1.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_engine:2.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_tower:3.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack-rdo:-:*:*:*:*:*:*:*

Information

Published : 2021-06-09 12:15

Updated : 2022-04-25 05:24


NVD link : CVE-2021-3533

Mitre link : CVE-2021-3533

Products Affected
CWE