CVE-2021-3533 - Redhat Openstack-rdo, Fedoraproject Fedora and Redhat Ansible Automation Platform

June 9, 2021

Low 2.5

A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory. When this occurs, there is a race condition on the managed machine. A malicious, non-privileged account on the remote machine can exploit the race condition to access the async result data. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2.

Affected software

Redhat Openstack-rdo

Fedoraproject Fedora

Redhat Ansible Automation Platform

Redhat Enterprise Linux

Redhat Ansible Tower

Redhat Ansible Engine

Reference links

https://bugzilla.redhat.com/show_bug.cgi?id=1956477

CVE-2021-3533 - Redhat Openstack-rdo, Fedoraproject Fedora and Redhat Ansible Automation Platform

Affected software

Reference links

Get alerted to vulnerabilities in your software