Lucene search

K
cve[email protected]CVE-2013-4260
HistorySep 16, 2013 - 7:14 p.m.

CVE-2013-4260

2013-09-1619:14:39
CWE-264
web.nvd.nist.gov
25
cve-2013-4260
ansible
security
symlink attack
nvd

7.1 High

AI Score

Confidence

High

3.3 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:P/A:P

0.0004 Low

EPSS

Percentile

5.1%

lib/ansible/playbook/init.py in Ansible 1.2.x before 1.2.3, when playbook does not run due to an error, allows local users to overwrite arbitrary files via a symlink attack on a retry file with a predictable name in /var/tmp/ansible/.

Affected configurations

NVD
Node
redhatansibleMatch1.2
OR
redhatansibleMatch1.2.1
OR
redhatansibleMatch1.2.2

7.1 High

AI Score

Confidence

High

3.3 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:P/A:P

0.0004 Low

EPSS

Percentile

5.1%