Vulnerability in Redhat Ansible

CVE-2013-4260

lib/ansible/playbook/__init__.py in Ansible 1.2.x before 1.2.3, when playbook does not run due to an error, allows local users to overwrite arbitrary files via a symlink attack on a retry file with a predictable name in /var/tmp/ansible/.

EPSS: 0.001 (24.2th percentile) — read the EPSS interpretation.

Affected products

Redhat Ansible — versions 1.2, 1.2.1, 1.2.2
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM, Patch, Issue Tracking)
ansible-cve20134260-symlink(86898) (VDB Entry, vdb-entry, x_refsource_XF, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)