CVE-2021-3533

描述

A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory. When this occurs, there is a race condition on the managed machine. A malicious, non-privileged account on the remote machine can exploit the race condition to access the async result data. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2.

受影響套件(1)

• PyPI/ansiblefrom 0, < 3.0.0

參考連結(1)

• REPORThttps://bugzilla.redhat.com/show_bug.cgi?id=1956477