Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2021-3702

Опубликовано: 26 июн. 2021
Источник: redhat
CVSS3: 6

Описание

A race condition flaw was found in ansible-runner, where an attacker could watch for rapid creation and deletion of a temporary directory, substitute their directory at that name, and then have access to ansible-runner's private_data_dir the next time ansible-runner made use of the private_data_dir. The highest Threat out of this flaw is to integrity and confidentiality.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
CloudForms Management Engine 5ansible-runnerNot affected
Red Hat Ansible Automation Platform 1.2ansible-runnerNot affected
Red Hat Ansible Automation Platform 2ansible-runnerNot affected
Red Hat Ansible Tower 3ansible-runnerNot affected
Red Hat Ansible Tower 3python2-ansible-runnerNot affected
Red Hat Ansible Tower 3python3-ansible-runnerNot affected
Red Hat Ceph Storage 4ansible-runnerNot affected
Red Hat OpenShift Container Platform 3.11ansible-runnerNot affected
Red Hat OpenShift Container Platform 4ansible-runnerNot affected
Red Hat OpenStack Platform 13 (Queens)python-ansible-runnerNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-362
https://bugzilla.redhat.com/show_bug.cgi?id=1977965ansible-runner: Race condition with temporary files in tempfile.TemporaryDirectory()

6 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2021-3702

CVSS3: 6.3
ubuntu
больше 3 лет назад

A race condition flaw was found in ansible-runner, where an attacker could watch for rapid creation and deletion of a temporary directory, substitute their directory at that name, and then have access to ansible-runner's private_data_dir the next time ansible-runner made use of the private_data_dir. The highest Threat out of this flaw is to integrity and confidentiality.

nvd логотип

CVE-2021-3702

CVSS3: 6.3
nvd
больше 3 лет назад

A race condition flaw was found in ansible-runner, where an attacker could watch for rapid creation and deletion of a temporary directory, substitute their directory at that name, and then have access to ansible-runner's private_data_dir the next time ansible-runner made use of the private_data_dir. The highest Threat out of this flaw is to integrity and confidentiality.

debian логотип

CVE-2021-3702

CVSS3: 6.3
debian
больше 3 лет назад

A race condition flaw was found in ansible-runner, where an attacker c ...

github логотип

GHSA-772j-xvf9-qpf5

CVSS3: 6.3
github
больше 3 лет назад

ansible-runner vulnerable to Race Condition

6 Medium

CVSS3

Уязвимость CVE-2021-3702