PT-2021-20890 · Red Hat · Ansible Automation Platform+2

Published: 2021-06-09 · Updated: 2024-01-23 · CVE-2021-3533

CVSS v3.1: 2.5 (Low)

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Ansible Tower version 3.7; Ansible Automation Platform version 1.2
Description: A flaw was found in Ansible related to the setting of the ANSIBLE_ASYNC_DIR variable to a subdirectory of a world-writable directory, leading to a race condition on the managed machine. This issue can be exploited by a malicious, non-privileged account on the remote machine to access async result data.
Recommendations: For Ansible Tower version 3.7, avoid setting ANSIBLE_ASYNC_DIR to a subdirectory of a world-writable directory to prevent the race condition. For Ansible Automation Platform version 1.2, restrict access to world-writable directories to minimize the risk of exploitation.
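
One way to check a managed machine against the recommendation above, as an added example that is not part of the original advisory or of Ansible itself. The function names are hypothetical. It assumes Ansible's default of `~/.ansible_async` when the variable is unset, and it inspects the nearest existing parent of the configured path, since that is the directory in which another account could create the missing component first.

```python
import os
import stat
from pathlib import Path

DEFAULT_ASYNC_DIR = "~/.ansible_async"  # assumed default when the variable is unset


def nearest_existing_parent(path):
    """Return the closest ancestor of `path` that already exists."""
    for parent in path.parents:
        if parent.exists():
            return parent
    return Path(path.anchor)


def audit_async_dir(configured, uid=None):
    """Return a list of findings for an ANSIBLE_ASYNC_DIR value on this host."""
    uid = os.getuid() if uid is None else uid
    path = Path(os.path.abspath(os.path.expanduser(configured)))
    findings = []

    # The advisory's condition: the async dir sits below a world-writable directory.
    parent = nearest_existing_parent(path)
    if parent.stat().st_mode & stat.S_IWOTH:
        first = path.relative_to(parent).parts[0]
        findings.append(f"{parent} is world-writable: any local account "
                        f"can create {first!r} before Ansible does")

    # If the directory already exists, confirm it is really ours and private.
    if path.exists() or path.is_symlink():
        st = path.lstat()
        if stat.S_ISLNK(st.st_mode):
            findings.append(f"{path} is a symlink")
        elif st.st_uid != uid:
            findings.append(f"{path} is owned by uid {st.st_uid}, not {uid}")
        elif st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append(f"{path} grants group/other access "
                            f"(mode {stat.S_IMODE(st.st_mode):o})")
    return findings


if __name__ == "__main__":
    value = os.environ.get("ANSIBLE_ASYNC_DIR", DEFAULT_ASYNC_DIR)
    for finding in audit_async_dir(value):
        print("FINDING:", finding)
```

Run it as the account Ansible connects with on the managed machine; an empty result means none of the three conditions was found for the configured path.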

Related Identifiers

CVE-2021-3533
PYSEC-2021-126

Affected Products

Ansible
Ansible Automation Platform
Ansible Tower