CVE-2020-1736

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-1736

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-1736.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-1736

Aliases

Related

Published

2020-03-16T16:15:13Z

Modified

2024-08-01T08:35:47.011730Z

Severity

3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This could lead to the disclosure of sensitive data. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.

References

Affected packages

Debian:11 / ansible

Package

Name: ansible
Purl: pkg:deb/debian/ansible?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.10.7+merged+base+2.10.8+dfsg-1

4.*

4.6.0-1

5.*

5.4.0-1

5.5.0-1

6.*

6.3.0+dfsg-1

6.4.0+dfsg-1

7.*

7.0.0+dfsg-1

7.0.0+dfsg-2

7.1.0+dfsg-1

7.2.0+dfsg-2

7.3.0+dfsg-1

7.7.0+dfsg-1

7.7.0+dfsg-2

7.7.0+dfsg-3

9.*

9.4.0+dfsg-1

9.5.1+dfsg-1

10.*

10.0.0+dfsg-1

10.0.1+dfsg-1

10.1.0+dfsg-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / ansible

Package

Name: ansible
Purl: pkg:deb/debian/ansible?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.3.0+dfsg-1

7.7.0+dfsg-1

7.7.0+dfsg-2

7.7.0+dfsg-3

9.*

9.4.0+dfsg-1

9.5.1+dfsg-1

10.*

10.0.0+dfsg-1

10.0.1+dfsg-1

10.1.0+dfsg-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / ansible

Package

Name: ansible
Purl: pkg:deb/debian/ansible?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.3.0+dfsg-1

7.7.0+dfsg-1

7.7.0+dfsg-2

7.7.0+dfsg-3

9.*

9.4.0+dfsg-1

9.5.1+dfsg-1

10.*

10.0.0+dfsg-1

10.0.1+dfsg-1

10.1.0+dfsg-1

Ecosystem specific

{
    "urgency": "unimportant"
}