CVE-2021-3702
published 2022-08-23CVE-2021-3702: A race condition flaw was found in ansible-runner, where an attacker could watch for rapid creation and deletion of a temporary directory, substitute their…
medium6.3CVSS 3.1
AVLACHPRLUINSUCHIHAN
A race condition flaw was found in ansible-runner, where an attacker could watch for rapid creation and deletion of a temporary directory, substitute their directory at that name, and then have access to ansible-runner's private_data_dir the next time ansible-runner made use of the private_data_dir. The highest Threat out of this flaw is to integrity and confidentiality.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | ansible-runner | — | — |
| linux | linux_kernel | >= 0 < 4.15.0-161.169 | 4.15.0-161.169 |
| linux | linux_kernel | >= 0 < 5.4.0-89.100 | 5.4.0-89.100 |
| redhat | ansible_runner | — | — |
CVSS provenance
nvdv3.16.3MEDIUMCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
osv6.5MEDIUM