CVE-2020-1739
LOW3.9EPSS 0.05%Exposure of Sensitive Information to an Unauthorized Actor in Ansible
發布日:2021/4/7修改日:2026/4/28
描述
A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.
受影響套件(5)
- Alpine/ansiblefrom 0, < 2.8.9-r0
- Alpine/ansible-basefrom 0, < 2.9.7-r0
- Debian/ansiblefrom 0, < 2.9.7+dfsg-1
- PyPI/ansiblefrom 0, < 2.7.17
- PyPI/ansiblefrom 0, < 2.7.17, >= 2.8.0, < 2.8.9, >= 2.9.0, < 2.9.6
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | LOW3.9 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N |
參考連結(22)
- ADVISORYhttps://github.com/advisories/GHSA-923p-fr2c-g5m2
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-1739
- ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2020-1739
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2020-1739
- PATCHhttps://github.com/ansible/ansible
- WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1739
- WEBhttps://github.com/ansible/ansible/commit/1a89d4f059c21a818306a39ada7f5284ae125237
- WEBhttps://github.com/ansible/ansible/commit/6c74a298702c8bb5532b9600073312e08f39680f
- WEBhttps://github.com/ansible/ansible/commit/c6c4fbf4a1fdea1e10ba94462a60c413990a16a4
- WEBhttps://github.com/ansible/ansible/issues/67797
- WEBhttps://github.com/ansible/ansible/pull/68911
- WEBhttps://github.com/ansible/ansible/pull/68912
- WEBhttps://github.com/ansible/ansible/pull/68913
- WEBhttps://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-11.yaml
- WEBhttps://lists.debian.org/debian-lts-announce/2020/05/msg00005.html
- WEBhttps://lists.fedoraproject.org/archives/list/[email protected]/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3
- WEBhttps://lists.fedoraproject.org/archives/list/[email protected]/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/
- WEBhttps://lists.fedoraproject.org/archives/list/[email protected]/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7
- WEBhttps://lists.fedoraproject.org/archives/list/[email protected]/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/
- WEBhttps://lists.fedoraproject.org/archives/list/[email protected]/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2
- WEBhttps://lists.fedoraproject.org/archives/list/[email protected]/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/
- WEBhttps://www.debian.org/security/2021/dsa-4950