ANSIBLE_ASYNC_DIR defaults to ~/.ansible_async/ but is settable by the user. If the ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a World Writable Directory, for instance: ANSIBLE_ASYNC_DIR=/tmp/username-ansible-async/.
When this occurs, there is a race condition on the managed machine. A malicious, low privileged account on the remote machine can pre-create /tmp/username-ansible-async and then use various attacks to access the async result data.
Created ansible tracking bugs for this issue:
Affects: epel-all [bug 1959095]
Affects: fedora-all [bug 1959094]
Affects: openstack-rdo [bug 1959096]
is there any available patch for that? Thanks