PYSEC-2021-126

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/ansible/PYSEC-2021-126.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2021-126

Aliases

CVE-2021-3533

Published

2021-06-09T12:15:00Z

Modified

2023-11-08T04:06:09.586670Z

Summary

[none]

Details

A flaw was found in Ansible if an ansible user sets ANSIBLEASYNCDIR to a subdirectory of a world writable directory. When this occurs, there is a race condition on the managed machine. A malicious, non-privileged account on the remote machine can exploit the race condition to access the async result data. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1956477

Affected packages

PyPI / ansible

Package

Name: ansible; View open source insights on deps.dev
Purl: pkg:pypi/ansible

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.0

Affected versions

1.*

1.0

1.1

1.2

1.2.1

1.2.2

1.2.3

1.3.0

1.3.1

1.3.2

1.3.3

1.3.4

1.4

1.4.1

1.4.2

1.4.3

1.4.4

1.4.5

1.5

1.5.1

1.5.2

1.5.3

1.5.4

1.5.5

1.6

1.6.1

1.6.2

1.6.3

1.6.4

1.6.5

1.6.6

1.6.7

1.6.8

1.6.9

1.6.10

1.7

1.7.1

1.7.2

1.8

1.8.1

1.8.2

1.8.3

1.8.4

1.9.0

1.9.0.1

1.9.1

1.9.2

1.9.3

1.9.4

1.9.5

1.9.6

2.*

2.0.0

2.0.0.0

2.0.0.1

2.0.0.2

2.0.1.0

2.0.2.0

2.1.0.0

2.1.1.0

2.1.2.0

2.1.3.0

2.1.4.0

2.1.5.0

2.1.6.0

2.2.0.0

2.2.1.0

2.2.2.0

2.2.3.0

2.3.0.0

2.3.1.0

2.3.2.0

2.3.3.0

2.4.0.0

2.4.1.0

2.4.2.0

2.4.3.0

2.4.4.0

2.4.5.0

2.4.6.0

2.5.0a1

2.5.0b1

2.5.0b2

2.5.0rc1

2.5.0rc2

2.5.0rc3

2.5.0

2.5.1

2.5.2

2.5.3

2.5.4

2.5.5

2.5.6

2.5.7

2.5.8

2.5.9

2.5.10

2.5.11

2.5.12

2.5.13

2.5.14

2.5.15

2.6.0a1

2.6.0a2

2.6.0rc1

2.6.0rc2

2.6.0rc3

2.6.0rc4

2.6.0rc5

2.6.0

2.6.1

2.6.2

2.6.3

2.6.4

2.6.5

2.6.6

2.6.7

2.6.8

2.6.9

2.6.10

2.6.11

2.6.12

2.6.13

2.6.14

2.6.15

2.6.16

2.6.17

2.6.18

2.6.19

2.6.20

2.7.0.dev0

2.7.0a1

2.7.0b1

2.7.0rc1

2.7.0rc2

2.7.0rc3

2.7.0rc4

2.7.0

2.7.1

2.7.2

2.7.3

2.7.4

2.7.5

2.7.6

2.7.7

2.7.8

2.7.9

2.7.10

2.7.11

2.7.12

2.7.13

2.7.14

2.7.15

2.7.16

2.7.17

2.7.18

2.8.0a1

2.8.0b1

2.8.0rc1

2.8.0rc2

2.8.0rc3

2.8.0

2.8.1

2.8.2

2.8.3

2.8.4

2.8.5

2.8.6

2.8.7

2.8.8

2.8.9

2.8.10

2.8.11

2.8.12

2.8.13

2.8.14

2.8.15

2.8.16rc1

2.8.16

2.8.17rc1

2.8.17

2.8.18rc1

2.8.18

2.8.19rc1

2.8.19

2.8.20rc1

2.8.20

2.9.0b1

2.9.0rc1

2.9.0rc2

2.9.0rc3

2.9.0rc4

2.9.0rc5

2.9.0

2.9.1

2.9.2

2.9.3

2.9.4

2.9.5

2.9.6

2.9.7

2.9.8

2.9.9

2.9.10

2.9.11

2.9.12

2.9.13

2.9.14rc1

2.9.14

2.9.15rc1

2.9.15

2.9.16rc1

2.9.16

2.9.17rc1

2.9.17

2.9.18rc1

2.9.18

2.9.19rc1

2.9.19

2.9.20rc1

2.9.20

2.9.21rc1

2.9.21

2.9.22rc1

2.9.22

2.9.23rc1

2.9.23

2.9.24rc1

2.9.24

2.9.25rc1

2.9.25

2.9.26rc1

2.9.26

2.9.27rc1

2.9.27

2.10.0a1

2.10.0a2

2.10.0a3

2.10.0a4

2.10.0a5

2.10.0a6

2.10.0a7

2.10.0a8

2.10.0a9

2.10.0b1

2.10.0b2

2.10.0rc1

2.10.0

2.10.1

2.10.2

2.10.3

2.10.4

2.10.5

2.10.6

2.10.7

3.*

3.0.0b1

3.0.0rc1