runner/connection_plugins/ssh.py in Ansible before 1.2.3, when using ControlPersist, allows local users to redirect a ssh session via a symlink attack on a socket file with a predictable name in /tmp/.
References
Link | Resource |
---|---|
http://www.ansible.com/security | Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=998223 | Patch Issue Tracking |
https://groups.google.com/forum/#%21topic/ansible-project/UVDYW0HGcNg |
Configurations
History
13 Feb 2023, 04:45
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
References | (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=998223 - Patch, Issue Tracking |
Information
Published : 2013-09-16 19:14
Updated : 2023-12-10 11:16
NVD link : CVE-2013-4259
Mitre link : CVE-2013-4259
CVE.ORG link : CVE-2013-4259
JSON object : View
Products Affected
redhat
- ansible
CWE
CWE-264
Permissions, Privileges, and Access Controls