CVE-2013-4260
LOW severity · CVSS 3.3 · CWE-264
3.3CVSS LOW
Summary
lib/ansible/playbook/__init__.py in Ansible 1.2.x before 1.2.3, when playbook does not run due to an error, allows local users to overwrite arbitrary files via a symlink attack on a retry file with a predictable name in /var/tmp/ansible/.
Impact & exploitability
Attack vectorLocal
Attack complexity—
Privileges required—
User interaction—
Confidentiality impactNone
Integrity impact—
Availability impact—
Exploit probability (EPSS)0%
AV:L/AC:M/Au:N/C:N/I:P/A:P
Affected products we track (1)
Recommendation
Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.
Official patch: https://bugzilla.redhat.com/show_bug.cgi?id=998227 ↗