CVE-2020-1738

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-1738
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-1738.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-1738
Aliases
Downstream
Related
Published
2020-03-16T16:15:14.093Z
Modified
2026-04-10T04:23:47.967875Z
Severity
  • 3.9 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L CVSS Calculator
Summary
[none]
Details

A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.

References

Affected packages

Git / github.com/ansible/ansible

Affected ranges

Type
GIT
Repo
https://github.com/ansible/ansible
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
8fd406ee8e3a14be72b3cbbfe91d03fe35952f95
Introduced
2611867fd1dc387ceaa0ffb8ce0f030aafc2a859
Last affected
d28e4b63c7b70acbaf0a1fedd53c91b6686574a0
Introduced
24325a05dfb9104d6d4ec8b488b89e07c2e6d376
Last affected
9388be4269bdf83406bfa9245142de8b7dc8cfbc
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.7.16"
        },
        {
            "introduced": "2.8.0"
        },
        {
            "last_affected": "2.8.8"
        },
        {
            "introduced": "2.9.0"
        },
        {
            "last_affected": "2.9.5"
        }
    ]
}

Affected versions

0.*
0.0.1
0.01
0.3
0.7
v1.*
v1.0
v1.1
v1.2
v1.4.0
v1.6.0
v2.*
v2.0.0-0.1.alpha1
v2.0.0-0.2.alpha2
v2.0.0-0.3.beta1
v2.0.0-0.4.beta2
v2.0.0-0.5.beta3
v2.6.0a1
v2.7.0
v2.7.0.a1
v2.7.0b1
v2.7.0rc1
v2.7.0rc2
v2.7.0rc3
v2.7.0rc4
v2.7.1
v2.7.10
v2.7.11
v2.7.12
v2.7.13
v2.7.14
v2.7.15
v2.7.16
v2.7.2
v2.7.3
v2.7.4
v2.7.5
v2.7.6
v2.7.7
v2.7.8
v2.7.9
v2.8.0
v2.8.1
v2.8.2
v2.8.3
v2.8.4
v2.8.5
v2.8.6
v2.8.7
v2.8.8
v2.9.0
v2.9.1
v2.9.2
v2.9.3
v2.9.4
v2.9.5

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-1738.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "3.3.4"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "3.3.5"
            },
            {
                "last_affected": "3.4.5"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "3.5.0"
            },
            {
                "last_affected": "3.5.5"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "3.6.0"
            },
            {
                "last_affected": "3.6.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "5.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "13"
            }
        ]
    }
]