Back to search
CVE-2021-3701
Published: Aug 23, 2022
Modified: Aug 3, 2024
PUBLISHED
Description
A flaw was found in ansible-runner where the default temporary files configuration in ansible-2.0.0 are written to world R/W locations. This flaw allows an attacker to pre-create the directory, resulting in reading private information or forcing ansible-runner to write files as the legitimate user in a place they did not expect. The highest threat from this vulnerability is to confidentiality and integrity.
| Vendor | Product | Versions |
|---|---|---|
n/a | ansible-runner | affected Affects ansible-runner 2.0 |
Weaknesses (CWE)
References
https://bugzilla.redhat.com/show_bug.cgi?id=1977959
x_refsource_MISC
https://access.redhat.com/security/cve/CVE-2021-3701
x_refsource_MISC
https://github.com/ansible/ansible-runner/issues/738
x_refsource_MISC
https://github.com/ansible/ansible-runner/pull/742/commits
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now