3.3 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
ansible is vulnerable to world readable file. When the function atomic_move
is invoked for moving files without a mode, it leads to a file creattion with default 0666
permissions if the destination file does not exists, creating world readable files depending on the default umask as well as the permissions on the destination directory.
bugzilla.redhat.com/show_bug.cgi?id=1802124
bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1736
github.com/ansible/ansible/issues/67794
lists.fedoraproject.org/archives/list/[email protected]/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD/
lists.fedoraproject.org/archives/list/[email protected]/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7/
security.gentoo.org/glsa/202006-11
3.3 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N