Debian Bug report logs -
#1014857
ansible: CVE-2021-3533
Package:
src:ansible;
Maintainer for src:ansible is Lee Garrett <debian@rocketjumpeu>;
Reported by: Moritz Mühlenhoff <jmm@inutilorg>
Date: Wed, 13 Jul 2022 09:33:04 UTC
Severity: important
Tags: security
Reply or subscribe to this bug
Toggle useless ...
ANSIBLE_ASYNC_DIR defaults to ~/ansible_async/ but is settable by the user It can be set by the ansible user to a subdirectory of a world writable directory, for instance ANSIBLE_ASYNC_DIR=/tmp/username-ansible-async/ When this occurs, there is a race condition on the managed machine A malicious, low privileged account on the remote machine ca ...