Lucene search

[email protected]NVD:CVE-2020-25635

HistoryOct 05, 2020 - 2:15 p.m.

CVE-2020-25635

2020-10-0514:15:13

CWE-212

[email protected]

web.nvd.nist.gov

ansible

aws_ssm

data confidentiality

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

Percentile

12.6%

JSON

A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. This issue affects directly data confidentiality.

Affected configurations

Nvd

Node

redhatansibleMatch2.10.1rc2

VendorProductVersionCPE
redhatansible2.10.1cpe:2.3:a:redhat:ansible:2.10.1:rc2:*:*:*:*:*:*

Vendor	Product	Version	CPE
redhat	ansible	2.10.1	cpe:2.3:a:redhat:ansible:2.10.1:rc2::::::

References

bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25635

github.com/ansible-collections/community.aws/issues/222

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

Percentile

12.6%

JSON

Related for NVD:CVE-2020-25635

redhatcve1 cvelist1 prion1 osv2 ubuntucve1 debiancve1 cve1 freebsd1 nessus1