CVE-2020-1738
Gentoo Linux Security Advisory 202006-11
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.
Se detectó un fallo en Ansible Engine, cuando el paquete o servicio del módulo es usado y el parámetro "use" no es especificado. Si una tarea anterior es ejecutada con un usuario malicioso, el módulo enviado puede ser seleccionado por parte del atacante usando el archivo de datos de ansible. Se cree que todas las versiones en las derivaciones 2.7.x, 2.8.x y 2.9.x son vulnerables.
Multiple vulnerabilities have been found in Ansible, the worst of which could result in the arbitrary execution of code. Versions less than 2.9.7 are affected.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-11-27 CVE Reserved
- 2020-03-16 CVE Published
- 2024-08-04 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://github.com/ansible/ansible/issues/67796 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1738 | 2023-11-07 | |
| https://security.gentoo.org/glsa/202006-11 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redhat Search vendor "Redhat" | Ansible Search vendor "Redhat" for product "Ansible" | <= 2.7.16 Search vendor "Redhat" for product "Ansible" and version " <= 2.7.16" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Ansible Search vendor "Redhat" for product "Ansible" | >= 2.8.0 <= 2.8.8 Search vendor "Redhat" for product "Ansible" and version " >= 2.8.0 <= 2.8.8" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Ansible Search vendor "Redhat" for product "Ansible" | >= 2.9.0 <= 2.9.5 Search vendor "Redhat" for product "Ansible" and version " >= 2.9.0 <= 2.9.5" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Ansible Tower Search vendor "Redhat" for product "Ansible Tower" | <= 3.3.4 Search vendor "Redhat" for product "Ansible Tower" and version " <= 3.3.4" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Ansible Tower Search vendor "Redhat" for product "Ansible Tower" | >= 3.3.5 <= 3.4.5 Search vendor "Redhat" for product "Ansible Tower" and version " >= 3.3.5 <= 3.4.5" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Ansible Tower Search vendor "Redhat" for product "Ansible Tower" | >= 3.5.0 <= 3.5.5 Search vendor "Redhat" for product "Ansible Tower" and version " >= 3.5.0 <= 3.5.5" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Ansible Tower Search vendor "Redhat" for product "Ansible Tower" | >= 3.6.0 <= 3.6.3 Search vendor "Redhat" for product "Ansible Tower" and version " >= 3.6.0 <= 3.6.3" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Cloudforms Management Engine Search vendor "Redhat" for product "Cloudforms Management Engine" | 5.0 Search vendor "Redhat" for product "Cloudforms Management Engine" and version "5.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Openstack Search vendor "Redhat" for product "Openstack" | 13 Search vendor "Redhat" for product "Openstack" and version "13" | - |
Affected
| ||||||