CVE-2020-25635 MEDIUM

CVE-2020-25635

Vendor Aws Community
Product Community Collections
Weakness CWE-212
Published October 5, 2020
Last update August 4, 2024

CVSS base score

5.0/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. This issue affects directly data confidentiality.

Key dates

02Disclosure timeline

October 5, 2020 CVE published
August 4, 2024 Record updated