File Transfer Collision Vulnerability in Ansible Base by Red Hat
CVE-2020-25636

6.6MEDIUM

Key Information:

Vendor: Aws Community
Status: Community Collections
Vendor: CVE Published:; 5 October 2020

🔔 Create Aws Community Vulnerability Alert

What is CVE-2020-25636?

A flaw in Ansible Base when utilizing the aws_ssm connection plugin leads to a lack of namespace separation for file transfers. This results in files being written directly to the root bucket, which raises the risk of collisions during simultaneous Ansible processes. As a consequence, this vulnerability can significantly compromise the availability of the services dependent on these file transfers.

Affected Version(s)

Community Collections from 1.0.0 to 1.2.0

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25636

x_refsource_CONFIRM

https://github.com/ansible-collections/community.aws/issu...

x_refsource_MISC

CVSS V3.1

Score:

6.6

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 5, 2020
Vulnerability Reserved
Sep 16, 2020