FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Ansible -- Insecure Temporary File

Affected packages
2.9.0 <= py36-ansible <= 2.9.9
2.9.0 <= py36-ansible27 <= 2.9.9
2.9.0 <= py37-ansible <= 2.9.9
2.9.0 <= py38-ansible <= 2.9.9
2.9.0 <= py39-ansible <= 2.9.9
2.7.0 <= py37-ansible27 <= 2.7.18
2.7.0 <= py38-ansible27 <= 2.7.18
2.7.0 <= py39-ansible27 <= 2.7.18
2.8.0 <= py36-ansible28 <= 2.8.12
2.8.0 <= py37-ansible28 <= 2.8.12
2.8.0 <= py38-ansible28 <= 2.8.12
2.8.0 <= py39-ansible28 <= 2.8.12

Details

VuXML ID 50ec3a01-ad77-11eb-8528-8c164582fbac
Discovery 2020-05-15
Entry 2021-05-05

NVD reports:

An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems..

[source]

References

CVE Name CVE-2020-10744
URL https://nvd.nist.gov/vuln/detail/CVE-2020-10744

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.