Lucene search

[email protected]CVE-2020-25636

HistoryOct 05, 2020 - 1:15 p.m.

CVE-2020-25636

2020-10-0513:15:13

CWE-552

CWE-377

[email protected]

web.nvd.nist.gov

cve-2020-25636

ansible base

aws_ssm connection plugin

file transfers

service availability

security issue

3.6 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

A flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace separation for file transfers. Files are written directly to the root bucket, making possible to have collisions when running multiple ansible processes. This issue affects mainly the service availability.

Affected configurations

Vulners

NVD

Node

aws_communitycommunity_collectionsRange1.0.0–1.2.0

CPENameOperatorVersion
redhat:ansibleredhat ansibleeq2.10.1

CPE	Name	Operator	Version
redhat:ansible	redhat ansible	eq	2.10.1

CNA Affected

[
  {
    "product": "Community Collections",
    "vendor": "AWS Community",
    "versions": [
      {
        "status": "affected",
        "version": " from 1.0.0 to 1.2.0"
      }
    ]
  }
]