CVE-2020-1739

Published: Mar 12, 2020Modified: Nov 21, 2024

3.9

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Exploitability: 1.3 / Impact: 2.5

Source: NVD

Description

A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.

Affected (14)

Products: Redhat: Ansible, Ansible Tower, Cloudforms Management Engine, Openstack · Fedoraproject: Fedora · Debian: Debian Linux

4 products

Cloudforms Management Engine

1 product

1 product

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Redhat Ansible	Up to 2.7.16
Redhat Ansible	From 2.8.0 to 2.8.8
Redhat Ansible	From 2.9.0 to 2.9.5
Redhat Ansible Tower	Up to 3.3.4
Redhat Ansible Tower	From 3.4.0 to 3.4.5
Redhat Ansible Tower	From 3.5.0 to 3.5.5
Redhat Ansible Tower	From 3.6.0 to 3.6.3

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Cloudforms Management Engine	Version 5.0
Redhat Openstack	Version 13

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 30
Fedoraproject Fedora	Version 31
Fedoraproject Fedora	Version 32

Configuration D

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 8.0

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (14)

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1739

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://github.com/ansible/ansible/issues/67797

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/

Source: secalert@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/

Source: secalert@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/

Source: secalert@redhat.com

https://www.debian.org/security/2021/dsa-4950

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1739

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://github.com/ansible/ansible/issues/67797

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.debian.org/security/2021/dsa-4950

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.