Back to search
CVE-2021-3702
Published: Aug 23, 2022
Modified: Aug 3, 2024
PUBLISHED
Description
A race condition flaw was found in ansible-runner, where an attacker could watch for rapid creation and deletion of a temporary directory, substitute their directory at that name, and then have access to ansible-runner's private_data_dir the next time ansible-runner made use of the private_data_dir. The highest Threat out of this flaw is to integrity and confidentiality.
| Vendor | Product | Versions |
|---|---|---|
n/a | ansible-runner | affected Affects ansible-runner 2.0 |
Weaknesses (CWE)
References
https://github.com/ansible/ansible-runner/pull/742/commits
x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=1977965
x_refsource_MISC
https://access.redhat.com/security/cve/CVE-2021-3702
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now