CVE-2013-4260: Ansible Arbitrary File Overwrite Vulnerability
lib/ansible/playbook/__init__.py in Ansible 1.2.x before 1.2.3, when a playbook does not run due to an error, allows local users to overwrite arbitrary files via a symlink attack on a retry file with a predictable name in /var/tmp/ansible/.
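The bug class described above, as an added example that is not Ansible's code or its fix: a writer that opens a predictable path directly, beside a hardened writer that checks the directory and replaces the final name atomically. The function names, the `site.retry` file name and the throwaway directories are assumptions made for illustration.

```python
import os
import stat
import tempfile

# Hypothetical names and constructed paths; not taken from the Ansible source.
def write_retry_unsafe(directory, name, hosts):
    """Pattern described in the advisory: predictable path, plain open().
    open(..., "w") follows a symlink planted at `path` and truncates its target."""
    path = os.path.join(directory, name)
    with open(path, "w") as fh:
        fh.write("\n".join(hosts) + "\n")
    return path


def write_retry_safe(directory, name, hosts):
    """Hardened variant: private directory, then atomic replace of the final name."""
    os.makedirs(directory, mode=0o700, exist_ok=True)
    st = os.lstat(directory)
    # Refuse a directory that is a symlink, owned by someone else, or group/world writable.
    if not stat.S_ISDIR(st.st_mode) or st.st_uid != os.getuid() or st.st_mode & 0o022:
        raise PermissionError("untrusted retry directory: %s" % directory)
    # mkstemp opens with O_CREAT|O_EXCL and mode 0600, so it never reuses a planted path.
    fd, tmp = tempfile.mkstemp(prefix=".retry-", dir=directory)
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write("\n".join(hosts) + "\n")
        # rename(2) replaces a symlink at the destination instead of following it.
        os.replace(tmp, os.path.join(directory, name))
    except BaseException:
        os.unlink(tmp)
        raise
    return os.path.join(directory, name)


def demo():
    """Constructed scenario in a throwaway directory; returns the results for both writers."""
    results = {}
    for label, writer in (("unsafe", write_retry_unsafe), ("safe", write_retry_safe)):
        with tempfile.TemporaryDirectory() as base:
            retry_dir = os.path.join(base, "retry")
            os.mkdir(retry_dir, 0o700)
            other = os.path.join(base, "other.txt")
            with open(other, "w") as fh:
                fh.write("original\n")
            os.symlink(other, os.path.join(retry_dir, "site.retry"))
            path = writer(retry_dir, "site.retry", ["web1", "web2"])
            with open(other) as fh:
                results[label] = (fh.read(), os.path.islink(path))
    return results
```

With the unsafe writer the file behind the link ends up holding the host list; with the hardened writer it keeps its original content and the link is replaced by a regular file.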
References
- www.ansible.com/security
- bugzilla.redhat.com/show_bug.cgi?id=998227
- exchange.xforce.ibmcloud.com/vulnerabilities/86898
- github.com/advisories/GHSA-pcqv-c46v-2p4v
- github.com/ansible/ansible/commit/ed3e4aff84fb32005d8e91dbf0fd7b134a482486
- groups.google.com/forum/
- nvd.nist.gov/vuln/detail/CVE-2013-4260