FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

py-ansible -- data leak vulnerability

Affected packages
py310-ansible <= 7.1.0
py311-ansible <= 7.1.0
py37-ansible <= 7.1.0
py38-ansible <= 7.1.0
py39-ansible <= 7.1.0

Details

VuXML ID f418cd50-561a-49a2-a133-965d03ede72a
Discovery 2021-06-09
Entry 2023-04-10

Tapas jena reports:

A flaw was found in Ansible where the secret information present in async_files are getting disclosed when the user changes the jobdir to a world readable directory.

Any secret information in an async status file will be readable by a malicious user on that system.

This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2.

[source]

References

CVE Name CVE-2021-3532
URL https://osv.dev/vulnerability/PYSEC-2021-125

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.