OpenCVE

A race condition flaw was found in ansible-runner, where an attacker could watch for rapid creation and deletion of a temporary directory, substitute their directory at that name, and then have access to ansible-runner's private_data_dir the next time ansible-runner made use of the private_data_dir. The highest Threat out of this flaw is to integrity and confidentiality.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Ansible Runner

Configuration 1 [-]

cpe:2.3:a:redhat:ansible_runner:2.0.0:-:*:*:*:*:*:*

No data.

References

Link	Providers
https://access.redhat.com/security/cve/CVE-2021-3702
https://bugzilla.redhat.com/show_bug.cgi?id=1977965
https://github.com/ansible/ansible-runner/pull/742/commits
https://nvd.nist.gov/vuln/detail/CVE-2021-3702
https://www.cve.org/CVERecord?id=CVE-2021-3702

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2022-08-23T15:51:01

Updated: 2024-08-03T17:01:07.921Z

Reserved: 2021-08-12T00:00:00

Link: CVE-2021-3702

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-08-23T16:15:09.550

Modified: 2024-11-21T06:22:11.477

Link: CVE-2021-3702

Redhat

Severity : Moderate

Publid Date: 2021-06-26T00:00:00Z

Links: CVE-2021-3702 - Bugzilla

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:ansible_runner:2.0.0:-:*:*:*:*:*:*", "matchCriteriaId": "1470BAF6-3B08-42DB-AD44-B5887D24D787", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A race condition flaw was found in ansible-runner, where an attacker could watch for rapid creation and deletion of a temporary directory, substitute their directory at that name, and then have access to ansible-runner's private_data_dir the next time ansible-runner made use of the private_data_dir. The highest Threat out of this flaw is to integrity and confidentiality."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo de condici\u00f3n de carrera en ansible-runner, donde un atacante podr\u00eda observar la creaci\u00f3n y eliminaci\u00f3n r\u00e1pida de un directorio temporal, sustituir su directorio por ese nombre, y luego tener acceso al private_data_dir de ansible-runner la pr\u00f3xima vez que ansible-runner hiciera uso del private_data_dir. La mayor amenaza de este fallo es para la integridad y la confidencialidad."}], "id": "CVE-2021-3702", "lastModified": "2024-11-21T06:22:11.477", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-23T16:15:09.550", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2021-3702"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1977965"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/ansible/ansible-runner/pull/742/commits"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2021-3702"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1977965"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/ansible/ansible-runner/pull/742/commits"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "ansible-runner: Race condition with temporary files in tempfile.TemporaryDirectory()", "id": "1977965", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1977965"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N", "status": "draft"}, "cwe": "CWE-362", "details": ["A race condition flaw was found in ansible-runner, where an attacker could watch for rapid creation and deletion of a temporary directory, substitute their directory at that name, and then have access to ansible-runner's private_data_dir the next time ansible-runner made use of the private_data_dir. The highest Threat out of this flaw is to integrity and confidentiality.", "A race condition flaw was found in ansible-runner, where an attacker could watch for rapid creation and deletion of a temporary directory, substitute their directory at that name, and then have access to ansible-runner's private_data_dir the next time ansible-runner made use of the private_data_dir. The highest Threat out of this flaw is to integrity and confidentiality."], "name": "CVE-2021-3702", "package_state": [{"cpe": "cpe:/a:redhat:cloudforms_managementengine:5", "fix_state": "Not affected", "package_name": "ansible-runner", "product_name": "CloudForms Management Engine 5"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform", "fix_state": "Not affected", "package_name": "ansible-runner", "product_name": "Red Hat Ansible Automation Platform 1.2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "ansible-runner", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_tower:3", "fix_state": "Not affected", "package_name": "ansible-runner", "product_name": "Red Hat Ansible Tower 3"}, {"cpe": "cpe:/a:redhat:ansible_tower:3", "fix_state": "Not affected", "package_name": "python2-ansible-runner", "product_name": "Red Hat Ansible Tower 3"}, {"cpe": "cpe:/a:redhat:ansible_tower:3", "fix_state": "Not affected", "package_name": "python3-ansible-runner", "product_name": "Red Hat Ansible Tower 3"}, {"cpe": "cpe:/a:redhat:ceph_storage:4", "fix_state": "Not affected", "package_name": "ansible-runner", "product_name": "Red Hat Ceph Storage 4"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Not affected", "package_name": "ansible-runner", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "ansible-runner", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Not affected", "package_name": "python-ansible-runner", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:16", "fix_state": "Not affected", "package_name": "python-ansible-runner", "product_name": "Red Hat OpenStack Platform 16 (Train)"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "ansible-runner", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Not affected", "package_name": "ansible-runner", "product_name": "Red Hat Virtualization 4"}], "public_date": "2021-06-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-3702\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3702"], "threat_severity": "Moderate"}