CVE-2021-3701

MEDIUM Year: 2021
CVSS v3 Score
6.6
Medium
Weakness Type
CWE-276
View all →

Vulnerability Description

A flaw was found in ansible-runner where the default temporary files configuration in ansible-2.0.0 are written to world R/W locations. This flaw allows an attacker to pre-create the directory, resulting in reading private information or forcing ansible-runner to write files as the legitimate user in a place they did not expect. The highest threat from this vulnerability is to confidentiality and integrity.

Related Vulnerabilities

CVE-2014-7301

MEDIUM
CVSS:6.6(Medium)

SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading /et...

CWE-2762014

CVE-2024-32978

MEDIUM
CVSS:6.6(Medium)

Kaminari is a paginator for web app frameworks and object relational mappings. A security vulnerability involving insecure file permissions has been identified in the Kaminari pagination library for R...

CWE-2762024

CVE-2017-0369

MEDIUM
CVSS:6.5(Medium)

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw, allowing a sysops to undelete pages, although the page is protected against it.

CWE-2762017

CVE-2017-1000084

MEDIUM
CVSS:6.5(Medium)

Parameterized Trigger Plugin fails to check Item/Build permission: The Parameterized Trigger Plugin did not check the build authentication it was running as and allowed triggering any other project in...

CWE-2762017

CVE-2018-13286

MEDIUM
CVSS:6.5(Medium)

Incorrect default permissions vulnerability in synouser.conf in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to obtain sensitive information via the world re...

CWE-2762018