CVE-2020-1739

Aliases:GHSA-923p-fr2c-g5m2PYSEC-2020-11
Advisory lineage Upstream: 0 Downstream: 18
Modified
Published: 12 Mar 2020, 17:47
Last modified:04 Aug 2024, 06:46

Vulnerability Summary

Overall Risk (default)
low
16/100
CVSS Score
3.9 LOW
v3.1 (cve.org)
EPSS Score
0.05% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

12 Mar 2020, 17:47
Published
Vulnerability first disclosed
04 Aug 2024, 06:46
Last Modified
Vulnerability information updated

Description

A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.

CVSS Metrics

  • v4.0LOWScore: 2.4CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
  • v3.1LOWScore: 3.9CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
  • v2.0LOWScore: 3.3AV:L/AC:M/Au:N/C:P/I:P/A:N

EPSS Trends

Current EPSS score: 0.05% Percentile: 15%

Techniques & Countermeasures

  • CWE-200Exposure of Sensitive Information to an Unauthorized Actor

    The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Affected Systems

  • debiandebian_linux

    8.0 | 10.0

  • fedoraprojectfedora

    30 | 31 | 32

  • PyPIansible

    < 2.7.17 | ≥ 2.8.0a1, < 2.8.11 | ≥ 2.9.0a1, < 2.9.7 | ≥ 2.9.0, < 2.9.6

  • red hatansible

    2.7.16 and prior | 2.8.8 and prior | 2.9.5 and prior

  • redhatansible

    ≤ 2.7.16 | ≥ 2.8.0, ≤ 2.8.8 | ≥ 2.9.0, ≤ 2.9.5

  • redhatansible_tower

    ≤ 3.3.4 | ≥ 3.4.0, ≤ 3.4.5 | ≥ 3.5.0, ≤ 3.5.5 | ≥ 3.6.0, ≤ 3.6.3

  • redhatcloudforms_management_engine

    5.0

  • redhatopenstack

    13

References (23)