Vulnerability in Redhat Ansible

CVE-2013-4259

runner/connection_plugins/ssh.py in Ansible before 1.2.3, when using ControlPersist, allows local users to redirect a ssh session via a symlink attack on a socket file with a predictable name in /tmp/.

EPSS: 0.001 (16.3th percentile) — read the EPSS interpretation.

Affected products

Redhat Ansible
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

secalert@redhat.com (x_refsource_CONFIRM, Patch, Issue Tracking)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)