CVE-2020-25636

A flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace separation for file transfers. Files are written directly to the root bucket, making possible to have collisions when running multiple ansible processes. This issue affects mainly the service availability.

CVSS v3 6.6 MEDIUM
CVSS v2.0 3.6 LOW

6.6^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.3 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

3.6^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:N/I:P/A:P

Exploitability : 3.9 / Impact : 4.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25636	Issue Tracking Vendor Advisory
https://github.com/ansible-collections/community.aws/issues/221	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25636	Issue Tracking Vendor Advisory
https://github.com/ansible-collections/community.aws/issues/221	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:redhat:ansible:2.10.1:rc2:*:*:*:*:*:*

History

21 Nov 2024, 05:18

Type	Values Removed	Values Added
CVSS	v2 : ~~3.6~~ v3 : ~~7.1~~	v2 : 3.6 v3 : 6.6
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25636 - Issue Tracking, Vendor Advisory~~	() https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25636 - Issue Tracking, Vendor Advisory
References	~~() https://github.com/ansible-collections/community.aws/issues/221 - Third Party Advisory~~	() https://github.com/ansible-collections/community.aws/issues/221 - Third Party Advisory

Information

Published : 2020-10-05 13:15

Updated : 2024-11-21 05:18

NVD link : CVE-2020-25636

Mitre link : CVE-2020-25636

CVE.ORG link : CVE-2020-25636

JSON object : View

Products Affected

redhat

ansible

CWE

CWE-377

Insecure Temporary File

CWE-552

Files or Directories Accessible to External Parties

{"id": "CVE-2020-25636", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 1.3}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 1.8}]}, "published": "2020-10-05T13:15:13.490", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25636", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://github.com/ansible-collections/community.aws/issues/221", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25636", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/ansible-collections/community.aws/issues/221", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-377"}, {"lang": "en", "value": "CWE-552"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-552"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace separation for file transfers. Files are written directly to the root bucket, making possible to have collisions when running multiple ansible processes. This issue affects mainly the service availability."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en Ansible Base cuando se usa el plugin de conexi\u00f3n aws_ssm, ya que no posee una separaci\u00f3n de espacios de nombres para las transferencias de archivos. Los archivos se escriben directamente en el bucket root, haciendo posible tener colisiones cuando se ejecutan m\u00faltiples procesos de ansible. Este problema afecta principalmente a la disponibilidad del servicio"}], "lastModified": "2024-11-21T05:18:18.007", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:ansible:2.10.1:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C88089F-2A0A-4D2E-915B-C58D7402821C"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}