CVE-2021-3532

Rejected reason: This CVE is marked as INVALID and not a bug
CVSS

No CVSS.

References

No reference.

Configurations

No configuration.

History

15 Jan 2024, 17:15

Type Values Removed Values Added
Summary (en) Rejected reason: ** REJECT **, CVE-2021-3532. Reason: This record is a invalid and marked as NOT A BUG. All references and descriptions in this record have been removed to prevent accidental usage. (en) Rejected reason: This CVE is marked as INVALID and not a bug

15 Jan 2024, 16:15

Type Values Removed Values Added
CWE CWE-200
CWE-732
CPE cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack-rdo:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_engine:2.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_automation_platform:1.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_tower:3.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_tower:3.7.0:*:*:*:*:*:*:*
References
  • {'url': 'https://bugzilla.redhat.com/show_bug.cgi?id=1956464', 'tags': ['Issue Tracking', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
CVSS v2 : 4.3
v3 : 5.5
v2 : unknown
v3 : unknown
Summary
  • (es) Se encontró un fallo en Ansible donde la información secreta presente en la función async_files se divulga cuando el usuario cambia el jobdir a un directorio legible en todo el mundo. Cualquier información secreta en un archivo de estado asíncrono será legible por un usuario malicioso en ese sistema. Este fallo afecta a Ansible Tower versión 3.7 y Ansible Automation Platform versión 1.2
Summary (en) A flaw was found in Ansible where the secret information present in async_files are getting disclosed when the user changes the jobdir to a world readable directory. Any secret information in an async status file will be readable by a malicious user on that system. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2. (en) Rejected reason: ** REJECT **, CVE-2021-3532. Reason: This record is a invalid and marked as NOT A BUG. All references and descriptions in this record have been removed to prevent accidental usage.

07 Oct 2022, 20:46

Type Values Removed Values Added
CWE CWE-200 CWE-732

21 Jun 2021, 16:54

Type Values Removed Values Added
References (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1956464 - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1956464 - Issue Tracking, Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : 4.3
v3 : 5.5
CPE cpe:2.3:a:redhat:openstack-rdo:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_tower:3.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_engine:2.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_automation_platform:1.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_tower:3.7.0:*:*:*:*:*:*:*
CWE CWE-200

09 Jun 2021, 12:38

Type Values Removed Values Added
New CVE

Information

Published : 2021-06-09 12:15

Updated : 2024-01-15 17:15


NVD link : CVE-2021-3532

Mitre link : CVE-2021-3532

CVE.ORG link : CVE-2021-3532


JSON object : View

Products Affected

No product.

CWE

No CWE.