Moderate severityNVD Advisory· Published Aug 23, 2022· Updated Aug 3, 2024
CVE-2021-3702
CVE-2021-3702
Description
A race condition flaw was found in ansible-runner, where an attacker could watch for rapid creation and deletion of a temporary directory, substitute their directory at that name, and then have access to ansible-runner's private_data_dir the next time ansible-runner made use of the private_data_dir. The highest Threat out of this flaw is to integrity and confidentiality.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
ansible-runnerPyPI | >= 2.0.0, < 2.1.0 | 2.1.0 |
Affected products
2- ansible-runner/ansible-runnerdescription
Patches
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
8- github.com/advisories/GHSA-772j-xvf9-qpf5ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-3702ghsaADVISORY
- access.redhat.com/security/cve/CVE-2021-3702ghsax_refsource_MISCWEB
- bugzilla.redhat.com/show_bug.cgighsax_refsource_MISCWEB
- github.com/ansible/ansible-runner/commit/93e95a3df9021a38010386d07df121392d249253ghsaWEB
- github.com/ansible/ansible-runner/pull/742ghsaPACKAGE
- github.com/ansible/ansible-runner/pull/742/commitsghsax_refsource_MISCWEB
- github.com/pypa/advisory-database/tree/main/vulns/ansible-runner/PYSEC-2022-43068.yamlghsaWEB
News mentions
0No linked articles in our index yet.