CVE-2021-3533

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2021-3533
Rejected reason: This vulnerability does not meet the criteria for a security vulnerability
CVSS

No CVSS.

References

No reference.

Configurations

No configuration.

History

23 Jan 2024, 13:15

Type Values Removed Values Added
CPE cpe:2.3:a:redhat:ansible_engine:2.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_tower:3.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_tower:3.7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack-rdo:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_automation_platform:1.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
CWE CWE-367
CWE-362
References
  • {'url': 'https://bugzilla.redhat.com/show_bug.cgi?id=1956477', 'tags': ['Issue Tracking', 'Vendor Advisory'], 'source': 'secalert@redhat.com'}
CVSS v2 : 1.2
v3 : 2.5 		v2 : unknown
v3 : unknown
Summary
  • (es) Se encontró un fallo en Ansible si un usuario ansible ajusta la función ANSIBLE_ASYNC_DIR en un subdirectorio de un directorio world writable. Cuando esto ocurre, se presenta una condición de carrera en la máquina administrada. Una cuenta maliciosa y no privilegiada en la máquina remota puede explotar la condición de carrera para acceder a los datos de resultados asincrónicos. Este fallo afecta a Ansible Tower versión 3.7 y Ansible Automation Platform versión 1.2
Summary (en) A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory. When this occurs, there is a race condition on the managed machine. A malicious, non-privileged account on the remote machine can exploit the race condition to access the async result data. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2. (en) Rejected reason: This vulnerability does not meet the criteria for a security vulnerability
Information

Published : 2021-06-09 12:15

Updated : 2024-01-23 13:15

NVD link : CVE-2021-3533

Mitre link : CVE-2021-3533

CVE.ORG link : CVE-2021-3533

JSON object : View

Products Affected

No product.

CWE

No CWE.