PYSEC-2013-2

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/ansible/PYSEC-2013-2.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2013-2

Aliases

CVE-2013-4260
GHSA-pcqv-c46v-2p4v

Published

2013-09-16T19:14:00Z

Modified

2023-11-01T04:45:11.144160Z

Summary

[none]

Details

lib/ansible/playbook/init.py in Ansible 1.2.x before 1.2.3, when playbook does not run due to an error, allows local users to overwrite arbitrary files via a symlink attack on a retry file with a predictable name in /var/tmp/ansible/.

References

https://bugzilla.redhat.com/show_bug.cgi?id=998227
http://www.ansible.com/security
https://exchange.xforce.ibmcloud.com/vulnerabilities/86898
https://groups.google.com/forum/#!topic/ansible-project/UVDYW0HGcNg

Affected packages

PyPI / ansible

Package

Name: ansible; View open source insights on deps.dev
Purl: pkg:pypi/ansible

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.2.0

Fixed

1.2.3

Affected versions

1.*

1.2

1.2.1

1.2.2