CVE Vulnerabilities

CVE-2013-4260

Published: Sep 16, 2013 | Modified: Feb 13, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
3.3 LOW
AV:L/AC:M/Au:N/C:N/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

lib/ansible/playbook/init.py in Ansible 1.2.x before 1.2.3, when playbook does not run due to an error, allows local users to overwrite arbitrary files via a symlink attack on a retry file with a predictable name in /var/tmp/ansible/.

Affected Software

Name Vendor Start Version End Version
Ansible Redhat 1.2 (including) 1.2 (including)
Ansible Redhat 1.2.1 (including) 1.2.1 (including)
Ansible Redhat 1.2.2 (including) 1.2.2 (including)
Ansible Ubuntu saucy *
Ansible Ubuntu upstream *

References