CVE-2013-4260

EUVD-2013-0002
lib/ansible/playbook/__init__.py in Ansible 1.2.x before 1.2.3, when playbook does not run due to an error, allows local users to overwrite arbitrary files via a symlink attack on a retry file with a predictable name in /var/tmp/ansible/.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.3 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:N/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 23%
Affected Products (NVD)
VendorProductVersion
redhatansible
1.2
redhatansible
1.2.1
redhatansible
1.2.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ansible
bookworm
7.7.0+dfsg-3+deb12u1
fixed
bullseye
2.10.7+merged+base+2.10.17+dfsg-0+deb11u1
fixed
sid
10.5.0+dfsg-2
fixed
trixie
10.5.0+dfsg-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ansible
lucid
dne
precise
dne
quantal
dne
raring
dne
saucy
ignored
trusty
not-affected
Common Weakness Enumeration
References
http://www.ansible.com/security
https://bugzilla.redhat.com/show_bug.cgi?id=998227
https://exchange.xforce.ibmcloud.com/vulnerabilities/86898
https://groups.google.com/forum/#%21topic/ansible-project/UVDYW0HGcNg
http://www.ansible.com/security
https://bugzilla.redhat.com/show_bug.cgi?id=998227
https://exchange.xforce.ibmcloud.com/vulnerabilities/86898
https://groups.google.com/forum/#%21topic/ansible-project/UVDYW0HGcNg