CVE-2021-3533 — Race Condition in Redhat Ansible

3 documents1 sources
Severity
—N/A
No vector
EPSS
No EPSS data
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Ansible
Timeline
PublishedJun 9
Latest updateDec 8

Description

A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory. When this occurs, there is a race condition on the managed machine. A malicious, non-privileged account on the remote machine can exploit the race condition to access the async result data. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2.

Affected Packages1 packages

â–¶PyPIredhat/ansible< 3.0.0

🔴Vulnerability Details

3
OSV
libbpf vulnerabilities↗2022-12-08
â–¶
OSV
libbpf vulnerabilities↗2022-12-05
â–¶
OSV
CVE-2021-3533: A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory↗2021-06-09
â–¶
CVE-2021-3533 — Race Condition in Redhat Ansible | cvebase