Описание
A flaw was found in Ansible. Confidential information is disclosed in async_files when the user changes the jobdir to a world-readable directory. Any confidential information in an async status file will be readable by a malicious user on that system.
Отчет
Red Hat Product Security does not consider this to be a vulnerability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ansible Automation Platform 1.2 | Ansible | Out of support scope | ||
| Red Hat Ansible Engine 2 | ansible | Out of support scope | ||
| Red Hat Ansible Tower 3 | ansible | Out of support scope |
Показывать по
10
Дополнительная информация
Дефект:
CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=1956464ansible: async_file sensitive information disclosure
0 Low
CVSS3
Связанные уязвимости
0 Low
CVSS3