Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-vhv1-9ypf-1bd7
SummaryA flaw was found in Ansible where the secret information present in async_files are getting disclosed when the user changes the jobdir to a world readable directory. Any secret information in an async status file will be readable by a malicious user on that system. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2.
Aliases
0
alias CVE-2021-3532
1
alias PYSEC-2021-125
Fixed_packages
Affected_packages
0
url pkg:alpm/archlinux/ansible@4.0.0-1
purl pkg:alpm/archlinux/ansible@4.0.0-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4yvf-k192-9fca
1
vulnerability VCID-vhv1-9ypf-1bd7
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ansible@4.0.0-1
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3532.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3532.json
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1956464
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1956464
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://security.archlinux.org/AVG-2056
reference_id AVG-2056
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2056
Weaknesses
0
cwe_id 200
name Exposure of Sensitive Information to an Unauthorized Actor
description The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Exploits
Severity_range_score4.0 - 6.9
Exploitability0.5
Weighted_severity6.2
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-vhv1-9ypf-1bd7