Data Exposure Risk in Ansible Base Due to Inadequate Cleanup in AWS SSM Plugin
CVE-2020-25635

5 MEDIUM

Key Information:

Vendor
CVE Published: 5 October 2020

What is CVE-2020-25635?

Ansible Base contains a vulnerability related to the aws_ssm connection plugin due to an improper cleanup mechanism. After running a playbook, files may remain in the associated AWS S3 bucket, potentially exposing sensitive data to unauthorized access. This flaw poses a significant risk to data confidentiality, as remnants of previous operations could be exploited if not diligently cleaned up. Users of Ansible Base should remain vigilant and implement necessary measures to mitigate this risk, such as regular audits of S3 bucket contents and reviewing access permissions.

Affected Version(s)

Community Collections from 1.0.0 to 1.2.0

CVSS V3.1

Score: 5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
