摘要:
A race condition flaw was found in ansible-runner, where an attacker could watch for rapid creation and deletion of a temporary directory, substitute their directory at that name, and then have access to ansible-runner s private_data_dir the next time ansible-runner made use of the private_data_dir. The highest Threat out of this flaw is to integrity and confidentiality.
安全等级: Low
公告ID: KylinSec-SA-2022-2047
发布日期: 2022年9月23日
关联CVE: CVE-2021-3702
A race condition flaw was found in ansible-runner, where an attacker could watch for rapid creation and deletion of a temporary directory, substitute their directory at that name, and then have access to ansible-runner s private_data_dir the next time ansible-runner made use of the private_data_dir. The highest Threat out of this flaw is to integrity and confidentiality.
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2021-3702 | KY3.4-4A | python-ansible-runner | Unaffected |
| CVE-2021-3702 | KY3.4-5 | python-ansible-runner | Unaffected |
| CVE-2021-3702 | KY3.5.1 | python-ansible-runner | Unaffected |
