CVE-2020-25635

Опубликовано: 05 окт. 2020

Источник: nvd

CVSS3: 5

CVSS3: 5.5

CVSS2: 2.1

EPSS Низкий

Описание

A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. This issue affects directly data confidentiality.

Ссылки

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25635
Issue Tracking
Vendor Advisory
https://github.com/ansible-collections/community.aws/issues/222
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25635
Issue Tracking
Vendor Advisory
https://github.com/ansible-collections/community.aws/issues/222
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:redhat:ansible:2.10.1:rc2:*:*:*:*:*:*

EPSS

Процентиль: 34%

0.00136

Низкий

5 Medium

CVSS3

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-212

Связанные уязвимости

CVE-2020-25635

CVSS3: 5

ubuntu

больше 5 лет назад

CVE-2020-25635

CVSS3: 5

redhat

больше 5 лет назад

CVE-2020-25635

CVSS3: 5

debian

больше 5 лет назад

A flaw was found in Ansible Base when using the aws_ssm connection plu ...

GHSA-f556-49jc-4rvc

CVSS3: 5

github

3 месяца назад

Ansible does not collect garbage after playbook run

EPSS

Процентиль: 34%

0.00136

Низкий

5 Medium

CVSS3

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-212