Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
lib/ansible/playbook/__init__.py in Ansible 1.2.x before 1.2.3, when playbook does not run due to an error, allows local users to overwrite arbitrary files via a symlink attack on a retry file with a predictable name in /var/tmp/ansible/.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Ansible 不安全临时文件创建漏洞
Vulnerability Description
Ansible是美国Ansible公司的一款计算机系统配置管理器,它可用于发布、管理和编排计算机系统。 Ansible 1.2.3以前的1.2.x版本中的lib/ansible/playbook/__init__.py文件中存在不安全临时文件创建漏洞,程序在/var/tmp/ansible/目录下创建文件时使用可预测文件名。在播放列表因错误停止运行的情况下,本地攻击者可利用该漏洞在重试文件实施符号链接攻击以提升的权限覆盖任意文件。
CVSS Information
N/A
Vulnerability Type
N/A