pysec-2021-125
Vulnerability from pysec
Published
2021-06-09 12:15
Modified
2024-09-10 17:21
Details
A flaw was found in Ansible where the secret information present in async_files are getting disclosed when the user changes the jobdir to a world readable directory. Any secret information in an async status file will be readable by a malicious user on that system. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2.
Aliases
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "ansible",
"purl": "pkg:pypi/ansible"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.0",
"1.1",
"1.2",
"1.2.1",
"1.2.2",
"1.2.3",
"1.3.0",
"1.3.1",
"1.3.2",
"1.3.3",
"1.3.4",
"1.4",
"1.4.1",
"1.4.2",
"1.4.3",
"1.4.4",
"1.4.5",
"1.5",
"1.5.1",
"1.5.2",
"1.5.3",
"1.5.4",
"1.5.5",
"1.6",
"1.6.1",
"1.6.10",
"1.6.2",
"1.6.3",
"1.6.4",
"1.6.5",
"1.6.6",
"1.6.7",
"1.6.8",
"1.6.9",
"1.7",
"1.7.1",
"1.7.2",
"1.8",
"1.8.1",
"1.8.2",
"1.8.3",
"1.8.4",
"1.9.0",
"1.9.0.1",
"1.9.1",
"1.9.2",
"1.9.3",
"1.9.4",
"1.9.5",
"1.9.6",
"2.0.0",
"2.0.0.0",
"2.0.0.1",
"2.0.0.2",
"2.0.1.0",
"2.0.2.0",
"2.1.0.0",
"2.1.1.0",
"2.1.2.0",
"2.1.3.0",
"2.1.4.0",
"2.1.5.0",
"2.1.6.0",
"2.10.0",
"2.10.0a1",
"2.10.0a2",
"2.10.0a3",
"2.10.0a4",
"2.10.0a5",
"2.10.0a6",
"2.10.0a7",
"2.10.0a8",
"2.10.0a9",
"2.10.0b1",
"2.10.0b2",
"2.10.0rc1",
"2.10.1",
"2.10.2",
"2.10.3",
"2.10.4",
"2.10.5",
"2.10.6",
"2.10.7",
"2.2.0.0",
"2.2.1.0",
"2.2.2.0",
"2.2.3.0",
"2.3.0.0",
"2.3.1.0",
"2.3.2.0",
"2.3.3.0",
"2.4.0.0",
"2.4.1.0",
"2.4.2.0",
"2.4.3.0",
"2.4.4.0",
"2.4.5.0",
"2.4.6.0",
"2.5.0",
"2.5.0a1",
"2.5.0b1",
"2.5.0b2",
"2.5.0rc1",
"2.5.0rc2",
"2.5.0rc3",
"2.5.1",
"2.5.10",
"2.5.11",
"2.5.12",
"2.5.13",
"2.5.14",
"2.5.15",
"2.5.2",
"2.5.3",
"2.5.4",
"2.5.5",
"2.5.6",
"2.5.7",
"2.5.8",
"2.5.9",
"2.6.0",
"2.6.0a1",
"2.6.0a2",
"2.6.0rc1",
"2.6.0rc2",
"2.6.0rc3",
"2.6.0rc4",
"2.6.0rc5",
"2.6.1",
"2.6.10",
"2.6.11",
"2.6.12",
"2.6.13",
"2.6.14",
"2.6.15",
"2.6.16",
"2.6.17",
"2.6.18",
"2.6.19",
"2.6.2",
"2.6.20",
"2.6.3",
"2.6.4",
"2.6.5",
"2.6.6",
"2.6.7",
"2.6.8",
"2.6.9",
"2.7.0",
"2.7.0.dev0",
"2.7.0a1",
"2.7.0b1",
"2.7.0rc1",
"2.7.0rc2",
"2.7.0rc3",
"2.7.0rc4",
"2.7.1",
"2.7.10",
"2.7.11",
"2.7.12",
"2.7.13",
"2.7.14",
"2.7.15",
"2.7.16",
"2.7.17",
"2.7.18",
"2.7.2",
"2.7.3",
"2.7.4",
"2.7.5",
"2.7.6",
"2.7.7",
"2.7.8",
"2.7.9",
"2.8.0",
"2.8.0a1",
"2.8.0b1",
"2.8.0rc1",
"2.8.0rc2",
"2.8.0rc3",
"2.8.1",
"2.8.10",
"2.8.11",
"2.8.12",
"2.8.13",
"2.8.14",
"2.8.15",
"2.8.16",
"2.8.16rc1",
"2.8.17",
"2.8.17rc1",
"2.8.18",
"2.8.18rc1",
"2.8.19",
"2.8.19rc1",
"2.8.2",
"2.8.20",
"2.8.20rc1",
"2.8.3",
"2.8.4",
"2.8.5",
"2.8.6",
"2.8.7",
"2.8.8",
"2.8.9",
"2.9.0",
"2.9.0b1",
"2.9.0rc1",
"2.9.0rc2",
"2.9.0rc3",
"2.9.0rc4",
"2.9.0rc5",
"2.9.1",
"2.9.10",
"2.9.11",
"2.9.12",
"2.9.13",
"2.9.14",
"2.9.14rc1",
"2.9.15",
"2.9.15rc1",
"2.9.16",
"2.9.16rc1",
"2.9.17",
"2.9.17rc1",
"2.9.18",
"2.9.18rc1",
"2.9.19",
"2.9.19rc1",
"2.9.2",
"2.9.20",
"2.9.20rc1",
"2.9.21",
"2.9.21rc1",
"2.9.22",
"2.9.22rc1",
"2.9.23",
"2.9.23rc1",
"2.9.24",
"2.9.24rc1",
"2.9.25",
"2.9.25rc1",
"2.9.3",
"2.9.4",
"2.9.5",
"2.9.6",
"2.9.7",
"2.9.8",
"2.9.9",
"3.0.0",
"3.0.0b1",
"3.0.0rc1",
"3.1.0",
"3.2.0",
"3.3.0",
"3.4.0",
"4.0.0",
"4.0.0a1",
"4.0.0a2",
"4.0.0a3",
"4.0.0a4",
"4.0.0b1",
"4.0.0b2",
"4.0.0rc1",
"4.1.0",
"4.2.0",
"4.3.0",
"4.4.0",
"4.5.0",
"2.9.26rc1",
"2.9.26",
"4.6.0",
"2.9.27rc1",
"5.0.0a1",
"2.9.27",
"4.7.0",
"5.0.0a2",
"4.8.0",
"5.0.0a3",
"5.0.0b1",
"5.0.0b2",
"5.0.0rc1",
"4.9.0",
"5.0.0",
"5.0.1",
"4.10.0",
"5.1.0",
"5.2.0",
"5.3.0",
"5.4.0",
"5.5.0",
"5.6.0",
"6.0.0a1",
"5.7.0",
"5.7.1",
"6.0.0a2",
"6.0.0a3",
"5.8.0",
"6.0.0b1",
"6.0.0b2",
"5.9.0",
"6.0.0rc1",
"6.0.0",
"5.10.0",
"6.1.0",
"6.2.0",
"6.3.0",
"6.4.0",
"7.0.0a1",
"6.5.0",
"7.0.0a2",
"6.6.0",
"7.0.0b1",
"10.0.0",
"10.0.0a1",
"10.0.0a2",
"10.0.0a3",
"10.0.0b1",
"10.0.0rc1",
"10.0.1",
"10.1.0",
"10.2.0",
"6.7.0",
"7.0.0",
"7.0.0rc1",
"7.1.0",
"7.2.0",
"7.3.0",
"7.4.0",
"7.5.0",
"7.6.0",
"7.7.0",
"8.0.0",
"8.0.0a1",
"8.0.0a2",
"8.0.0a3",
"8.0.0b1",
"8.0.0rc1",
"8.1.0",
"8.2.0",
"8.3.0",
"8.4.0",
"8.5.0",
"8.6.0",
"8.6.1",
"8.7.0",
"9.0.0",
"9.0.0a1",
"9.0.0a2",
"9.0.0a3",
"9.0.0b1",
"9.0.0rc1",
"9.0.1",
"9.1.0",
"9.2.0",
"9.3.0",
"9.4.0",
"9.5.0",
"9.5.1",
"9.6.0",
"9.6.1",
"9.7.0",
"9.8.0",
"10.3.0",
"9.9.0",
"10.4.0",
"9.10.0"
]
}
],
"aliases": [
"CVE-2021-3532"
],
"details": "A flaw was found in Ansible where the secret information present in async_files are getting disclosed when the user changes the jobdir to a world readable directory. Any secret information in an async status file will be readable by a malicious user on that system. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2.",
"id": "PYSEC-2021-125",
"modified": "2024-09-10T17:21:30.397896Z",
"published": "2021-06-09T12:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956464"
}
],
"withdrawn": "2024-08-02T20:32:38Z"
}
Loading...