A race condition flaw was found in ansible-runner, where an attacker could watch for rapid creation and deletion of a temporary directory, substitute their directory at that name, and then have access to ansible-runner's private_data_dir the next time ansible-runner made use of the private_data_dir. The highest Threat out of this flaw is to integrity and confidentiality.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| ansible-runner(PyPI) | 2.0.0 | 2.1.0 | N/A |
CVSS Metrics
