Back to bug 1977959
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Pedro Sampaio | 2021-06-30 19:40:43 UTC | Depends On | 1977960, 1977961, 1977962 | |
| Pedro Sampaio | 2021-06-30 19:53:49 UTC | Blocks | 1977971 | |
| Red Hat Bugzilla | 2021-07-01 12:59:15 UTC | CC | dbecker | |
| Sage McTaggart | 2021-07-02 20:51:20 UTC | Depends On | 1978824 | |
| Lon Hohberger | 2021-07-09 17:18:44 UTC | CC | rhos-maint | |
| Red Hat Bugzilla | 2021-07-27 00:19:53 UTC | CC | jfrey | |
| Tapas Jena | 2021-08-11 17:31:57 UTC | Doc Text | A flaw was found in ansible-runner where the default temporary files configuration in ansible-2.0.0 is written to world R/W location. An attacker can pre-create that directory, which may allow them to either read potentially private information or force ansible-runner to write files as the legitimate user in a place they did not expect. The highest threat out of this vulnerability is to Confidentiality and Integrity. | |
| Tapas Jena | 2021-08-16 12:34:43 UTC | Summary | ansible-runner: Artifacts are written to world rw location by default | CVE-2021-3701 ansible-runner: Artifacts are written to world rw location by default |
| Alias | CVE-2021-3701 | |||
| RaTasha Tillery-Smith | 2021-08-16 16:48:45 UTC | Doc Text | A flaw was found in ansible-runner where the default temporary files configuration in ansible-2.0.0 is written to world R/W location. An attacker can pre-create that directory, which may allow them to either read potentially private information or force ansible-runner to write files as the legitimate user in a place they did not expect. The highest threat out of this vulnerability is to Confidentiality and Integrity. | A flaw was found in ansible-runner where the default temporary files configuration in ansible-2.0.0 are written to world R/W locations. This flaw allows an attacker to pre-create the directory, resulting in reading private information or forcing ansible-runner to write files as the legitimate user in a place they did not expect. The highest threat from this vulnerability is to confidentiality and integrity. |
| Red Hat Bugzilla | 2021-11-02 15:42:01 UTC | CC | notting | |
| Red Hat Bugzilla | 2021-12-01 03:29:45 UTC | CC | mgoldboi | |
| Tomer Brisker | 2021-12-14 09:23:51 UTC | CC | tbrisker | |
| Red Hat Bugzilla | 2021-12-15 11:50:47 UTC | CC | cmeyers | |
| Red Hat Bugzilla | 2021-12-20 17:33:26 UTC | CC | sdoran | |
| Red Hat Bugzilla | 2022-01-08 05:31:49 UTC | CC | jokerman | |
| Doron Fediuck | 2022-03-20 07:56:59 UTC | CC | dfediuck | |
| Dan Radez | 2022-03-31 14:01:55 UTC | CC | dradez | |
| Red Hat Bugzilla | 2022-04-23 04:25:43 UTC | CC | chousekn | |
| Red Hat Bugzilla | 2022-05-09 08:33:08 UTC | CC | aos-bugs | |
| Red Hat Bugzilla | 2022-07-18 09:51:10 UTC | CC | mmccune | |
| Red Hat Bugzilla | 2022-07-25 08:29:56 UTC | CC | aos-install | |
| Sandro Bonazzola | 2022-11-18 16:10:35 UTC | CC | sbonazzo | |
| Red Hat Bugzilla | 2023-01-01 05:32:15 UTC | CC | amctagga | |
| Red Hat Bugzilla | 2023-01-01 05:46:59 UTC | CC | flucifre | |
| Red Hat Bugzilla | 2023-01-01 05:52:18 UTC | CC | mhackett | |
| Red Hat Bugzilla | 2023-01-01 06:02:15 UTC | CC | bniver | |
| Red Hat Bugzilla | 2023-01-01 08:34:32 UTC | CC | mbenjamin | |
| Red Hat Bugzilla | 2023-01-01 08:43:42 UTC | CC | sostapov | |
| Red Hat Bugzilla | 2023-01-01 08:47:58 UTC | CC | vereddy | |
| Alasdair Kergon | 2023-01-04 05:43:50 UTC | CC | sostapov | |
| Alasdair Kergon | 2023-01-04 06:11:25 UTC | CC | bniver | |
| Alasdair Kergon | 2023-01-04 06:23:48 UTC | CC | mbenjamin | |
| Alasdair Kergon | 2023-01-04 06:43:51 UTC | CC | flucifre | |
| Alasdair Kergon | 2023-01-04 06:59:12 UTC | CC | vereddy | |
| Alasdair Kergon | 2023-01-04 11:29:24 UTC | CC | mhackett | |
| TEJ RATHI | 2023-02-27 06:05:04 UTC | CC | trathi | |
| Red Hat Bugzilla | 2023-03-02 08:27:35 UTC | CC | myarboro | |
| Red Hat Bugzilla | 2023-05-15 20:18:53 UTC | CC | btotty | |
| Red Hat Bugzilla | 2023-07-07 08:32:50 UTC | Assignee | security-response-team | nobody |
Back to bug 1977959