ANSIBLE_ASYNC_DIR defaults to ~/.ansible_async/ but is settable by the user. If the ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world-writable directory, for instance ANSIBLE_ASYNC_DIR=/tmp/username-ansible-async/, there is a race condition on the managed machine. A malicious, low-privileged account on the remote machine can pre-create /tmp/username-ansible-async and then use various attacks to access the async result data.
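A pre-flight check for the condition described above, as an added example that is not part of the original report or of Ansible's code. `audit_async_dir` is a hypothetical helper; it flags world-writable ancestors of the configured path and, if the directory already exists, checks that it is a real directory owned by the expected user with no group or other access.

```python
import os
import stat


def audit_async_dir(path, uid=None):
    """Return a list of findings for using `path` as ANSIBLE_ASYNC_DIR."""
    uid = os.getuid() if uid is None else uid
    findings = []
    path = os.path.abspath(os.path.expanduser(path))

    # Walk every ancestor: a world-writable parent lets any local account
    # create the directory before the ansible user does.
    parent = os.path.dirname(path)
    while True:
        try:
            if os.stat(parent).st_mode & stat.S_IWOTH:
                findings.append(f"ancestor {parent} is world-writable")
        except FileNotFoundError:
            pass
        if parent == os.path.dirname(parent):
            break
        parent = os.path.dirname(parent)

    # If the directory already exists, inspect it without following symlinks.
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return findings
    if stat.S_ISLNK(st.st_mode):
        findings.append(f"{path} is a symlink")
    elif not stat.S_ISDIR(st.st_mode):
        findings.append(f"{path} is not a directory")
    else:
        if st.st_uid != uid:
            findings.append(f"{path} is owned by uid {st.st_uid}, not {uid}")
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append(f"{path} is accessible to group or others")
    return findings
```

An empty list means none of these conditions were found; the default ~/.ansible_async/ normally passes because no ancestor of a home directory is world-writable.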
Created ansible tracking bugs for this issue:

Affects: epel-all [bug 1959095]
Affects: fedora-all [bug 1959094]
Affects: openstack-rdo [bug 1959096]
Hi all, is there any available patch for that? Thanks