CVE-2020-25635

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-25635
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-25635.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-25635
Aliases
Downstream
Published
2020-10-05T14:15:13.217Z
Modified
2026-03-14T10:06:57.345698Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. This issue affects directly data confidentiality.

References

Affected packages

Git / github.com/ansible/ansible

Affected ranges

Type
GIT
Repo
https://github.com/ansible/ansible
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0e68601002de5e4e0b06dde6a8f737ebd3312349
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.10.1-rc2"
        }
    ]
}

Affected versions

0.*
0.0.1
0.0.2
0.01
0.3
0.7
Other
pre-ansible-base
v1_last
stable-2.*
stable-2.10-branchpoint
stable-2.9-branchpoint
v1.*
v1.0
v1.1
v1.2
v1.4.0
v1.5.0
v1.5.1
v1.6.0
v2.*
v2.0.0-0.1.alpha1
v2.0.0-0.2.alpha2
v2.0.0-0.3.beta1
v2.0.0-0.4.beta2
v2.0.0-0.5.beta3
v2.10.0
v2.10.0b1
v2.10.0rc1
v2.10.0rc2
v2.10.0rc3
v2.10.0rc4
v2.10.1rc2
v2.6.0a1
v2.7.0.a1
v2.8.0a1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-25635.json"