First published: Tue Aug 03 2021(Updated: )
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Redhat Ansible Automation Platform | =1.2 | |
Redhat Ansible Galaxy | =3.3.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-3681 is a vulnerability found in Ansible Galaxy Collections that allows sensitive files to be included in the .tar.gz file when collections are built manually.
The severity of CVE-2021-3681 is rated as high with a severity value of 5.5.
Redhat Ansible Automation Platform version 1.2 is affected by CVE-2021-3681.
Redhat Ansible Galaxy version 3.3.0 is affected by CVE-2021-3681.
To fix CVE-2021-3681, make sure to explicitly exclude sensitive files via the "build_ignore" list in "galaxy.yml" when building collections manually in Ansible Galaxy.