lib/ansible/playbook/__init__.py in Ansible 1.2.x prior to 1.2.3, when playbook does not run due to an error, allows local users to overwrite arbitrary files via a symlink attack on a retry file with a predictable name in /var/tmp/ansible/.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redhat ansible 1.2.1 |
||
redhat ansible 1.2 |
||
redhat ansible 1.2.2 |