Back to search
CVE-2020-1735
Published: Mar 16, 2020
Modified: Aug 4, 2024
PUBLISHED
CVSS v3.1
4.2
MEDIUM
Description
A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.
| Vendor | Product | Versions |
|---|---|---|
Red Hat | ansible | affected 2.7.x, 2.8.x, 2.9.x |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
References
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1735
x_refsource_CONFIRM
https://github.com/ansible/ansible/issues/67793
x_refsource_CONFIRM
FEDORA-2020-1b6ce91e37
vendor-advisory
x_refsource_FEDORA
FEDORA-2020-3990f03ba3
vendor-advisory
x_refsource_FEDORA
FEDORA-2020-f80154b5b4
vendor-advisory
x_refsource_FEDORA
GLSA-202006-11
vendor-advisory
x_refsource_GENTOO
DSA-4950
vendor-advisory
x_refsource_DEBIAN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now