CVE-2020-1739 – ansible

Package

Manager: pip
Name: ansible
Vulnerable Version: >=0 <2.7.17 || >=2.8.0a1 <2.8.11 || >=2.9.0a1 <2.9.7

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00041 pctl0.11748

Details

Exposure of Sensitive Information to an Unauthorized Actor in Ansible A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.

Metadata

Created: 2021-04-07T20:30:44Z
Modified: 2024-09-06T17:53:58Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/04/GHSA-923p-fr2c-g5m2/GHSA-923p-fr2c-g5m2.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-923p-fr2c-g5m2
Finding: F017
Auto approve: 1