Vulnerability CVE-2020-1739: Information
Description
A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
ansible | p10 | 2.8.10-alt1 | 2.9.27-alt3.p10.2 | ALT-PU-2020-1453-1 | 247669 | Fixed |
ansible | p9 | 2.8.10-alt1 | 2.9.27-alt1 | ALT-PU-2020-1490-1 | 247670 | Fixed |
ansible | c10f1 | 2.8.10-alt1 | 2.9.27-alt3.p10.1 | ALT-PU-2020-1453-1 | 247669 | Fixed |
ansible | c9f2 | 2.8.10-alt1 | 2.9.26-alt2 | ALT-PU-2020-1490-1 | 247670 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1739 |
|
https://github.com/ansible/ansible/issues/67797 |
|
[debian-lts-announce] 20200505 [SECURITY] [DLA 2202-1] ansible security update |
|
DSA-4950 |
|
FEDORA-2020-a3f12bcff4 | |
FEDORA-2020-0cab7041f7 | |
FEDORA-2020-87f5e1e829 |