CVE-2021-3533

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2021-3533
Rejected reason: This vulnerability does not meet the criteria for a security vulnerability
CVSS

No CVSS.

References

No reference.

Configurations

No configuration.

History

23 Jan 2024, 13:15

Type Values Removed Values Added
Summary (en) Rejected reason: This CVE is marked as INVALID and not a bug (en) Rejected reason: This vulnerability does not meet the criteria for a security vulnerability

15 Jan 2024, 17:15

Type Values Removed Values Added
Summary
  • (es) Se encontró un fallo en Ansible si un usuario ansible ajusta la función ANSIBLE_ASYNC_DIR en un subdirectorio de un directorio world writable. Cuando esto ocurre, se presenta una condición de carrera en la máquina administrada. Una cuenta maliciosa y no privilegiada en la máquina remota puede explotar la condición de carrera para acceder a los datos de resultados asincrónicos. Este fallo afecta a Ansible Tower versión 3.7 y Ansible Automation Platform versión 1.2
Summary (en) A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory. When this occurs, there is a race condition on the managed machine. A malicious, non-privileged account on the remote machine can exploit the race condition to access the async result data. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2. (en) Rejected reason: This CVE is marked as INVALID and not a bug
References
  • {'url': 'https://bugzilla.redhat.com/show_bug.cgi?id=1956477', 'tags': ['Issue Tracking', 'Vendor Advisory'], 'source': 'secalert@redhat.com'}
CPE cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack-rdo:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_engine:2.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_automation_platform:1.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_tower:3.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_tower:3.7.0:*:*:*:*:*:*:*
CVSS v2 : 1.2
v3 : 2.5 		v2 : unknown
v3 : unknown
CWE CWE-367
CWE-362

25 Apr 2022, 17:24

Type Values Removed Values Added
CWE CWE-367 CWE-362

17 Jun 2021, 17:21

Type Values Removed Values Added
References (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1956477 - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1956477 - Issue Tracking, Vendor Advisory
CWE CWE-367
CVSS v2 : unknown
v3 : unknown 		v2 : 1.2
v3 : 2.5
CPE cpe:2.3:a:redhat:ansible_tower:3.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_engine:2.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_tower:3.7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_automation_platform:1.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack-rdo:-:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

09 Jun 2021, 12:38

Type Values Removed Values Added
New CVE
Information

Published : 2021-06-09 12:15

Updated : 2024-01-23 13:15

NVD link : CVE-2021-3533

Mitre link : CVE-2021-3533

CVE.ORG link : CVE-2021-3533

JSON object : View

Products Affected

No product.

CWE

No CWE.