CVE-2021-3533

medium

Published 2021-06-09 · Modified 2023-11-08

CVSS v3

—

CVSS v2

—

VIR risk

5.5

Description

A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory. When this occurs, there is a race condition on the managed machine. A malicious, non-privileged account on the remote machine can exploit the race condition to access the async result data. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2021-3533.html

OS impact

OS	Version	Status	Fixed in
arch		affected
sles		affected

Package impact

Ecosystem	Package	Vulnerable	Fixed
PyPI	ansible	`<3.0.0`	`3.0.0`

References

https://bugzilla.redhat.com/show_bug.cgi?id=1956477
https://www.suse.com/security/cve/CVE-2021-3533.html

Verify integrity in audit chain (admin only). AS-IS.