Lucene search

[email protected]CVE-2020-25635

HistoryOct 05, 2020 - 2:15 p.m.

CVE-2020-25635

2020-10-0514:15:13

CWE-212

[email protected]

web.nvd.nist.gov

ansible

base

aws_ssm

connection plugin

garbage collector

data confidentiality

nvd

cve-2020-25635

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. This issue affects directly data confidentiality.

Affected configurations

Vulners

NVD

Node

aws_communitycommunity_collectionsRange1.0.0–1.2.0

CPENameOperatorVersion
redhat:ansibleredhat ansibleeq2.10.1

CPE	Name	Operator	Version
redhat:ansible	redhat ansible	eq	2.10.1

CNA Affected

[
  {
    "product": "Community Collections",
    "vendor": "AWS Community",
    "versions": [
      {
        "status": "affected",
        "version": "from 1.0.0 to 1.2.0"
      }
    ]
  }
]