UBUNTU-CVE-2020-1738

Source
https://ubuntu.com/security/CVE-2020-1738
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-1738.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2020-1738
Related
Published
2020-03-16T16:15:00Z
Modified
2024-12-18T16:33:30Z
Severity
  • 3.9 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L CVSS Calculator
Summary
[none]
Details

A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.

References

Affected packages

Ubuntu:Pro:14.04:LTS / ansible

Package

Name
ansible
Purl
pkg:deb/ubuntu/ansible?arch=src?distro=esm-infra-legacy/trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.1+dfsg-1
1.3.4+dfsg-1
1.4.0+dfsg-1
1.4.1+dfsg-1
1.4.3+dfsg-1
1.4.4+dfsg-1
1.5.4+dfsg-1
1.5.4+dfsg-1ubuntu0.1~esm2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:16.04:LTS / ansible

Package

Name
ansible
Purl
pkg:deb/ubuntu/ansible?arch=src?distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.9.2+dfsg-2
1.9.4-1

2.*

2.0.0.2-2
2.0.0.2-2ubuntu1
2.0.0.2-2ubuntu1.1
2.0.0.2-2ubuntu1.2
2.0.0.2-2ubuntu1.3
2.0.0.2-2ubuntu1.3+esm1
2.0.0.2-2ubuntu1.3+esm2
2.0.0.2-2ubuntu1.3+esm3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / ansible

Package

Name
ansible
Purl
pkg:deb/ubuntu/ansible?arch=src?distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.3.1.0+dfsg-2
2.5.0+dfsg-1
2.5.1+dfsg-1
2.5.1+dfsg-1ubuntu0.1
2.5.1+dfsg-1ubuntu0.1+esm1
2.5.1+dfsg-1ubuntu0.1+esm2
2.5.1+dfsg-1ubuntu0.1+esm3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / ansible

Package

Name
ansible
Purl
pkg:deb/ubuntu/ansible?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.8.3+dfsg-1
2.8.6+dfsg-1
2.9.2+dfsg-1
2.9.4+dfsg-1
2.9.6+dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / ansible

Package

Name
ansible
Purl
pkg:deb/ubuntu/ansible?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.10.7+merged+base+2.10.8+dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / ansible

Package

Name
ansible
Purl
pkg:deb/ubuntu/ansible?arch=src?distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

9.*

9.2.0+dfsg-0ubuntu5

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / ansible

Package

Name
ansible
Purl
pkg:deb/ubuntu/ansible?arch=src?distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.7.0+dfsg-1
7.7.0+dfsg-3

9.*

9.2.0+dfsg-0ubuntu4
9.2.0+dfsg-0ubuntu5

Ecosystem specific

{
    "ubuntu_priority": "medium"
}