Your submission was sent successfully! Close

CVE-2021-3532

Published: 9 June 2021

A flaw was found in Ansible where the secret information present in async_files are getting disclosed when the user changes the jobdir to a world readable directory. Any secret information in an async status file will be readable by a malicious user on that system. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2.

Priority

Medium

CVSS 3 base score: 5.5

Status

Package Release Status
ansible
Launchpad, Ubuntu, Debian
bionic Deferred
(2022-01-14)
focal Deferred
(2022-01-14)
groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Deferred
(2022-01-14)
jammy Deferred
(2022-01-14)
precise Does not exist

trusty Needs triage

upstream Deferred
(2022-01-14)
xenial Ignored
(out of standard support)
ansible-base
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

groovy Does not exist

hirsute Ignored
(reached end-of-life)
impish Needs triage

jammy Does not exist

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Ignored
(out of standard support)
ansible-core
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

impish Does not exist

jammy Needs triage

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Ignored
(out of standard support)