Vulnerabilities > CVE-2020-25636 - Files or Directories Accessible to External Parties vulnerability in Redhat Ansible 2.10.1

CVSS 7.1 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

redhat

CWE-552

NVD

Published: 2020-10-05

Updated: 2023-11-07

Summary

A flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace separation for file transfers. Files are written directly to the root bucket, making possible to have collisions when running multiple ansible processes. This issue affects mainly the service availability.

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat Ansible 2.10.1	1

Common Weakness Enumeration (CWE)

CWE-552 - Files or Directories Accessible to External Parties

References

https://github.com/ansible-collections/community.aws/issues/221
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25636