CVE-2020-1738 LOW

CVE-2020-1738

Vendor Red Hat
Product ansible
Weakness CWE-88
Published March 16, 2020
Last update August 4, 2024

CVSS base score

3.9/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L

What the vulnerability does

01Description

A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.

Key dates

02Disclosure timeline

March 16, 2020 CVE published
August 4, 2024 Record updated