Insecure Defaults Affecting ansible-runner package, versions [,1.3.1)
Snyk CVSS
Attack Complexity
High
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PYTHON-ANSIBLERUNNER-174098
- published 4 Apr 2019
- disclosed 26 Mar 2019
- credit Unknown
How to fix?
Upgrade ansible-runner
to version 1.3.1 or higher.
Overview
ansible-runner is a tool that helps when interfacing with Ansible directly or as part of another system whether that be through a container image interface, as a standalone tool, or as a Python module that can be imported.
Affected versions of this package are vulnerable to Insecure Defaults. The default permissions of writing job events where not safe.