Skip to main content

Ansible CVE-2013-4260

LOW
Permissions, Privileges, and Access Controls (CWE-264)
2013-09-16 secalert@redhat.com
3.3
CVSS 2.0 · NVD

Severity by source

NVD PRIMARY
3.3 LOW
AV:L/AC:M/Au:N/C:N/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:L/AC:M/Au:N/C:N/I:P/A:P
Attack Vector
Local
Attack Complexity
M
Confidentiality
None
Integrity
P
Availability
P

Lifecycle Timeline

1
CVE Published
Sep 16, 2013 - 19:14 cve.org
LOW 3.3

DescriptionCVE.org

lib/ansible/playbook/__init__.py in Ansible 1.2.x before 1.2.3, when playbook does not run due to an error, allows local users to overwrite arbitrary files via a symlink attack on a retry file with a predictable name in /var/tmp/ansible/.

AnalysisAI

lib/ansible/playbook/__init__.py in Ansible 1.2.x before 1.2.3, when playbook does not run due to an error, allows local users to overwrite arbitrary files via a symlink attack on a retry file with a. Rated low severity (CVSS 3.3).

Technical ContextAI

This vulnerability is classified under CWE-264. lib/ansible/playbook/__init__.py in Ansible 1.2.x before 1.2.3, when playbook does not run due to an error, allows local users to overwrite arbitrary files via a symlink attack on a retry file with a predictable name in /var/tmp/ansible/. Affected products include: Redhat Ansible. Version information: before 1.2.3.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2019-10217 MEDIUM POC
6.5 Nov 25

A flaw was found in ansible 2.8.0 before 2.8.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploit

CVE-2017-7550 CRITICAL
9.8 Nov 21

A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkin

CVE-2021-33924 CRITICAL
9.8 Sep 29

Confluent Ansible (cp-ansible) version 5.5.0, 5.5.1, 5.5.2 and 6.0.0 is vulnerable to Incorrect Access Control via its a

CVE-2020-1733 MEDIUM POC
5.0 Mar 11

A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a play

CVE-2014-3498 HIGH
8.8 Jun 08

The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary commands. Rated high seve

CVE-2020-1735 MEDIUM POC
4.6 Mar 16

A flaw was found in the Ansible Engine when the fetch module is used. Rated medium severity (CVSS 4.6), this vulnerabili

CVE-2015-6240 HIGH
7.8 Jun 07

The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environme

CVE-2016-3096 HIGH
7.8 Jun 03

The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local use

CVE-2023-5764 HIGH
7.8 Dec 12

A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the u

CVE-2022-3697 HIGH
7.5 Oct 28

A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2

CVE-2020-1736 LOW POC
3.3 Mar 16

A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified

CVE-2020-25636 HIGH
7.1 Oct 05

A flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace separation for file t

Share

CVE-2013-4260 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy