CVE-2020-25635
MEDIUM5.0EPSS 0.08%Ansible does not collect garbage after playbook run
發布日:2025/10/31修改日:2025/10/31
描述
A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. This issue affects directly data confidentiality.
受影響套件(2)
- PyPI/ansiblefrom 0, < 2.10.1
- PyPI/ansiblefrom 0, < 2.10.1
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.0 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N |
參考連結(6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-25635
- PATCHhttps://github.com/ansible/ansible
- WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25635
- WEBhttps://github.com/ansible-collections/community.aws/issues/222
- WEBhttps://github.com/ansible-collections/community.aws/pull/237#issuecomment-1468591094
- WEBhttps://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-220.yaml