Vulnerability Details CVE-2021-3702
A race condition flaw was found in ansible-runner, where an attacker could watch for rapid creation and deletion of a temporary directory, substitute their directory at that name, and then have access to ansible-runner's private_data_dir the next time ansible-runner made use of the private_data_dir. The highest Threat out of this flaw is to integrity and confidentiality.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 11.6%
CVSS Severity
CVSS v3 Score 6.3
References
- https://access.redhat.com/security/cve/CVE-2021-3702
- https://bugzilla.redhat.com/show_bug.cgi?id=1977965
- https://github.com/ansible/ansible-runner/pull/742/commits
- https://access.redhat.com/security/cve/CVE-2021-3702
- https://bugzilla.redhat.com/show_bug.cgi?id=1977965
- https://github.com/ansible/ansible-runner/pull/742/commits
Products affected by CVE-2021-3702
-
cpe:2.3:a:redhat:ansible_runner:2.0.0