PT-2013-4922 · Red Hat+1 · Ansible+1

Michael Scherer

Published

2013-09-16

Updated

2023-02-13

CVE-2013-4260

CVSS v4.0

6.9

Medium

Vector

AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Ansible versions 1.2.0 through 1.2.2

Description The issue allows local users to overwrite arbitrary files via a symlink attack on a retry file with a predictable name in /var/tmp/ansible/. This occurs when the playbook does not run due to an error.

Recommendations For Ansible versions 1.2.0 through 1.2.2, update to version 1.2.3 or later to resolve the issue.

Fix

Improper Preservation of Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264CWE-281

Related Identifiers

CVE-2013-4260

GHSA-PCQV-C46V-2P4V

PYSEC-2013-2

Affected Products

Ansible

Ansible-Core

PT-2013-4922 · Red Hat+1 · Ansible+1

CVE-2013-4260

Weakness Enumeration

Related Identifiers

Affected Products

References · 14