CVE-2020-25635

Published: Oct 5, 2020Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. This issue affects directly data confidentiality.

Affected (1)

Products: Redhat: Ansible

Redhat

1 product

Ansible

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Ansible	Version 2.10.1 rc2

Related CWEs

CWE-212

Improper Removal of Sensitive Information Before Storage or Transfer

The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.

References (4)

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25635

Source: secalert@redhat.com

Issue TrackingVendor Advisory

https://github.com/ansible-collections/community.aws/issues/222

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25635

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

https://github.com/ansible-collections/community.aws/issues/222

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.