VYPR
Moderate severityNVD Advisory· Published Sep 16, 2013· Updated Jun 16, 2026

CVE-2013-4260

CVE-2013-4260

Description

lib/ansible/playbook/__init__.py in Ansible 1.2.x before 1.2.3, when playbook does not run due to an error, allows local users to overwrite arbitrary files via a symlink attack on a retry file with a predictable name in /var/tmp/ansible/.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
ansiblePyPI
>= 1.2, < 1.2.31.2.3

Affected products

4
  • Red Hat/Ansible3 versions
    cpe:2.3:a:redhat:ansible:1.2:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:redhat:ansible:1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:ansible:1.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:ansible:1.2.2:*:*:*:*:*:*:*
  • ghsa-coords
    Range: >= 1.2, < 1.2.3

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.