CVE-2020-25636 MEDIUM

CVE-2020-25636

Vendor Aws Community
Product Community Collections
Weakness CWE-552 · Files accessible externally
Published October 5, 2020
Last update August 4, 2024

CVSS base score

6.6/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H

What the vulnerability does

01Description

A flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace separation for file transfers. Files are written directly to the root bucket, making possible to have collisions when running multiple ansible processes. This issue affects mainly the service availability.

Key dates

02Disclosure timeline

October 5, 2020 CVE published
August 4, 2024 Record updated