Information Exposure The advisory has been revoked - it doesn't affect any version of package ansible Open this link in a new tab
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PYTHON-ANSIBLE-1292152
- published 13 May 2021
- disclosed 10 May 2021
- credit Unknown
Introduced: 10 May 2021
CVE-2021-3532 Open this link in a new tabHow to fix?
There is no fixed version for ansible
.
Amendment
This was deemed not a vulnerability.
Overview
ansible is a simple IT automation system.
Affected versions of this package are vulnerable to Information Exposure. A flaw was found in Ansible where the secret information present in async_files
are getting disclosed when the user changes the jobdir to a world readable directory. Any secret information in an async status file will be readable by a malicious user on that system.
Note: This vulnerability is revoked because it was found to be an invalid issue in the context of the library.