CVE-2020-1746

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-1746

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-1746.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-1746

Aliases

Related

Published

2020-05-12T18:15:13Z

Modified

2024-09-18T03:08:31.484151Z

Severity

5.0 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldapattr and ldapentry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality.

References

Affected packages

Alpine:v3.11 / ansible

Package

Name: ansible
Purl: pkg:apk/alpine/ansible?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.7-r0

Affected versions

0.*

0.3.1-r0

0.4-r0

0.5-r0

0.7-r0

0.7.1-r0

0.8-r0

0.9-r0

1.*

1.0-r0

1.0-r1

1.1-r0

1.1-r1

1.2-r1

1.2.1-r1

1.2.2-r0

1.2.3-r0

1.3.3-r0

1.3.4-r0

1.4.1-r0

1.4.3-r0

1.4.5-r0

1.5.0-r0

1.5.4-r0

1.5.5-r0

1.6.1-r0

1.6.5-r0

1.6.6-r0

1.6.7-r0

1.7.0-r0

1.7.1-r0

1.7.2-r0

1.8.0-r0

1.8.2-r0

1.8.4-r0

1.9.2-r0

1.9.2-r1

1.9.3-r0

1.9.3-r1

1.9.4-r0

2.*

2.0.0.2-r0

2.0.0.2-r1

2.0.1.0-r1

2.1.0.0-r0

2.1.1.0-r0

2.1.2.0-r0

2.2.0.0-r0

2.2.1.0-r0

2.2.1.0-r1

2.2.2.0-r0

2.3.0.0-r0

2.3.0.0-r1

2.3.1.0-r0

2.3.2.0-r0

2.4.0.0-r0

2.4.1.0-r0

2.4.2.0-r0

2.4.3.0-r0

2.5.0-r0

2.5.2-r0

2.5.4-r0

2.5.5-r0

2.6.0-r0

2.6.1-r0

2.6.3-r0

2.7.0-r0

2.7.0-r1

2.7.9-r0

2.7.9-r1

2.8.0-r1

2.8.1-r0

2.8.2-r0

2.8.3-r0

2.8.4-r0

2.8.6-r0

2.8.6-r1

2.8.6-r2

2.8.6-r3

2.9.1-r0

2.9.3-r0

2.9.6-r0

Alpine:v3.12 / ansible

Package

Name: ansible
Purl: pkg:apk/alpine/ansible?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.7-r0

Affected versions

0.*

0.3.1-r0

0.4-r0

0.5-r0

0.7-r0

0.7.1-r0

0.8-r0

0.9-r0

1.*

1.0-r0

1.0-r1

1.1-r0

1.1-r1

1.2-r1

1.2.1-r1

1.2.2-r0

1.2.3-r0

1.3.3-r0

1.3.4-r0

1.4.1-r0

1.4.3-r0

1.4.5-r0

1.5.0-r0

1.5.4-r0

1.5.5-r0

1.6.1-r0

1.6.5-r0

1.6.6-r0

1.6.7-r0

1.7.0-r0

1.7.1-r0

1.7.2-r0

1.8.0-r0

1.8.2-r0

1.8.4-r0

1.9.2-r0

1.9.2-r1

1.9.3-r0

1.9.3-r1

1.9.4-r0

2.*

2.0.0.2-r0

2.0.0.2-r1

2.0.1.0-r1

2.1.0.0-r0

2.1.1.0-r0

2.1.2.0-r0

2.2.0.0-r0

2.2.1.0-r0

2.2.1.0-r1

2.2.2.0-r0

2.3.0.0-r0

2.3.0.0-r1

2.3.1.0-r0

2.3.2.0-r0

2.4.0.0-r0

2.4.1.0-r0

2.4.2.0-r0

2.4.3.0-r0

2.5.0-r0

2.5.2-r0

2.5.4-r0

2.5.5-r0

2.6.0-r0

2.6.1-r0

2.6.3-r0

2.7.0-r0

2.7.0-r1

2.7.9-r0

2.7.9-r1

2.8.0-r1

2.8.1-r0

2.8.2-r0

2.8.3-r0

2.8.4-r0

2.8.6-r0

2.8.6-r1

2.8.6-r2

2.8.6-r3

2.9.1-r0

2.9.2-r0

2.9.2-r1

2.9.3-r0

2.9.4-r0

2.9.5-r0

2.9.6-r0

Alpine:v3.13 / ansible-base

Package

Name: ansible-base
Purl: pkg:apk/alpine/ansible-base?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.7-r0

Affected versions

0.*

0.3.1-r0

0.4-r0

0.5-r0

0.7-r0

0.7.1-r0

0.8-r0

0.9-r0

1.*

1.0-r0

1.0-r1

1.1-r0

1.1-r1

1.2-r1

1.2.1-r1

1.2.2-r0

1.2.3-r0

1.3.3-r0

1.3.4-r0

1.4.1-r0

1.4.3-r0

1.4.5-r0

1.5.0-r0

1.5.4-r0

1.5.5-r0

1.6.1-r0

1.6.5-r0

1.6.6-r0

1.6.7-r0

1.7.0-r0

1.7.1-r0

1.7.2-r0

1.8.0-r0

1.8.2-r0

1.8.4-r0

1.9.2-r0

1.9.2-r1

1.9.3-r0

1.9.3-r1

1.9.4-r0

2.*

2.0.0.2-r0

2.0.0.2-r1

2.0.1.0-r1

2.1.0.0-r0

2.1.1.0-r0

2.1.2.0-r0

2.2.0.0-r0

2.2.1.0-r0

2.2.1.0-r1

2.2.2.0-r0

2.3.0.0-r0

2.3.0.0-r1

2.3.1.0-r0

2.3.2.0-r0

2.4.0.0-r0

2.4.1.0-r0

2.4.2.0-r0

2.4.3.0-r0

2.5.0-r0

2.5.2-r0

2.5.4-r0

2.5.5-r0

2.6.0-r0

2.6.1-r0

2.6.3-r0

2.7.0-r0

2.7.0-r1

2.7.9-r0

2.7.9-r1

2.8.0-r1

2.8.1-r0

2.8.2-r0

2.8.3-r0

2.8.4-r0

2.8.6-r0

2.8.6-r1

2.8.6-r2

2.8.6-r3

2.9.1-r0

2.9.2-r0

2.9.2-r1

2.9.3-r0

2.9.4-r0

2.9.5-r0

2.9.6-r0

Alpine:v3.14 / ansible-base

Package

Name: ansible-base
Purl: pkg:apk/alpine/ansible-base?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.7-r0

Affected versions

0.*

0.3.1-r0

0.4-r0

0.5-r0

0.7-r0

0.7.1-r0

0.8-r0

0.9-r0

1.*

1.0-r0

1.0-r1

1.1-r0

1.1-r1

1.2-r1

1.2.1-r1

1.2.2-r0

1.2.3-r0

1.3.3-r0

1.3.4-r0

1.4.1-r0

1.4.3-r0

1.4.5-r0

1.5.0-r0

1.5.4-r0

1.5.5-r0

1.6.1-r0

1.6.5-r0

1.6.6-r0

1.6.7-r0

1.7.0-r0

1.7.1-r0

1.7.2-r0

1.8.0-r0

1.8.2-r0

1.8.4-r0

1.9.2-r0

1.9.2-r1

1.9.3-r0

1.9.3-r1

1.9.4-r0

2.*

2.0.0.2-r0

2.0.0.2-r1

2.0.1.0-r1

2.1.0.0-r0

2.1.1.0-r0

2.1.2.0-r0

2.2.0.0-r0

2.2.1.0-r0

2.2.1.0-r1

2.2.2.0-r0

2.3.0.0-r0

2.3.0.0-r1

2.3.1.0-r0

2.3.2.0-r0

2.4.0.0-r0

2.4.1.0-r0

2.4.2.0-r0

2.4.3.0-r0

2.5.0-r0

2.5.2-r0

2.5.4-r0

2.5.5-r0

2.6.0-r0

2.6.1-r0

2.6.3-r0

2.7.0-r0

2.7.0-r1

2.7.9-r0

2.7.9-r1

2.8.0-r1

2.8.1-r0

2.8.2-r0

2.8.3-r0

2.8.4-r0

2.8.6-r0

2.8.6-r1

2.8.6-r2

2.8.6-r3

2.9.1-r0

2.9.2-r0

2.9.2-r1

2.9.3-r0

2.9.4-r0

2.9.5-r0

2.9.6-r0

Alpine:v3.9 / ansible

Package

Name: ansible
Purl: pkg:apk/alpine/ansible?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.7.17-r0

Affected versions

0.*

0.3.1-r0

0.4-r0

0.5-r0

0.7-r0

0.7.1-r0

0.8-r0

0.9-r0

1.*

1.0-r0

1.0-r1

1.1-r0

1.1-r1

1.2-r1

1.2.1-r1

1.2.2-r0

1.2.3-r0

1.3.3-r0

1.3.4-r0

1.4.1-r0

1.4.3-r0

1.4.5-r0

1.5.0-r0

1.5.4-r0

1.5.5-r0

1.6.1-r0

1.6.5-r0

1.6.6-r0

1.6.7-r0

1.7.0-r0

1.7.1-r0

1.7.2-r0

1.8.0-r0

1.8.2-r0

1.8.4-r0

1.9.2-r0

1.9.2-r1

1.9.3-r0

1.9.3-r1

1.9.4-r0

2.*

2.0.0.2-r0

2.0.0.2-r1

2.0.1.0-r1

2.1.0.0-r0

2.1.1.0-r0

2.1.2.0-r0

2.2.0.0-r0

2.2.1.0-r0

2.2.1.0-r1

2.2.2.0-r0

2.3.0.0-r0

2.3.0.0-r1

2.3.1.0-r0

2.3.2.0-r0

2.4.0.0-r0

2.4.1.0-r0

2.4.2.0-r0

2.4.3.0-r0

2.5.0-r0

2.5.2-r0

2.5.4-r0

2.5.5-r0

2.6.0-r0

2.6.1-r0

2.6.3-r0

2.7.0-r0

2.7.0-r1

2.7.12-r0

2.7.13-r0

2.7.14-r0

2.7.16-r0

Debian:11 / ansible

Package

Name: ansible
Purl: pkg:deb/debian/ansible?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.7+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / ansible

Package

Name: ansible
Purl: pkg:deb/debian/ansible?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.7+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / ansible

Package

Name: ansible
Purl: pkg:deb/debian/ansible?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.7+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/ansible/ansible

Affected ranges

Type: GIT
Repo: https://github.com/ansible/ansible
Events: Introduced

24325a05dfb9104d6d4ec8b488b89e07c2e6d376

Fixed

ff7bbbcaf1e8f434432075bc9c55626a9dd3091d

Affected versions

v2.*

v2.9.0

v2.9.1

v2.9.2

v2.9.3

v2.9.4

v2.9.5

v2.9.6