Ansible vulnerable to Exposure of Resource to Wrong Sphere and Insecure Temporary File
Low severity
GitHub Reviewed
Published
Apr 20, 2021
to the GitHub Advisory Database
•
Updated Nov 18, 2024
Package
Affected versions
>= 0, < 2.7.17
>= 2.8.0a1, < 2.8.11
>= 2.9.0a1, < 2.9.7
Patched versions
2.7.17
2.8.11
2.9.7
Description
Published by the National Vulnerability Database
Mar 11, 2020
Reviewed
Apr 5, 2021
Published to the GitHub Advisory Database
Apr 20, 2021
Last updated
Nov 18, 2024
A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with "umask 77 && mkdir -p
"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating '/proc//cmdline'.References