摘要:
A flaw was found in ansible-runner where the default temporary files configuration in ansible-2.0.0 are written to world R/W locations. This flaw allows an attacker to pre-create the directory, resulting in reading private information or forcing ansible-runner to write files as the legitimate user in a place they did not expect. The highest threat from this vulnerability is to confidentiality and integrity.
安全等级: Low
公告ID: KylinSec-SA-2022-2048
发布日期: 2022年9月23日
关联CVE: CVE-2021-3701
A flaw was found in ansible-runner where the default temporary files configuration in ansible-2.0.0 are written to world R/W locations. This flaw allows an attacker to pre-create the directory, resulting in reading private information or forcing ansible-runner to write files as the legitimate user in a place they did not expect. The highest threat from this vulnerability is to confidentiality and integrity.
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2021-3701 | KY3.4-4A | python-ansible-runner | Unaffected |
| CVE-2021-3701 | KY3.4-5 | python-ansible-runner | Unaffected |
| CVE-2021-3701 | KY3.5.1 | python-ansible-runner | Unaffected |
