Search for packages
| purl | pkg:alpm/archlinux/ansible@4.0.0-1 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 3.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-4yvf-k192-9fca
Aliases: CVE-2021-3533 PYSEC-2021-126 |
A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory. When this occurs, there is a race condition on the managed machine. A malicious, non-privileged account on the remote machine can exploit the race condition to access the async result data. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2. | There are no reported fixed by versions. |
|
VCID-vhv1-9ypf-1bd7
Aliases: CVE-2021-3532 PYSEC-2021-125 |
A flaw was found in Ansible where the secret information present in async_files are getting disclosed when the user changes the jobdir to a world readable directory. Any secret information in an async status file will be readable by a malicious user on that system. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T18:26:42.669027+00:00 | Arch Linux Importer | Affected by | VCID-vhv1-9ypf-1bd7 | https://security.archlinux.org/AVG-2056 | 38.0.0 |
| 2026-04-01T18:26:42.650748+00:00 | Arch Linux Importer | Affected by | VCID-4yvf-k192-9fca | https://security.archlinux.org/AVG-2056 | 38.0.0 |