GitHub Advisory DatabaseGHSA-923P-FR2C-G5M2Exposure of Sensitive Information to an Unauthorized Actor in Ansible
3.3 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:P/A:N
3.9 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
0.0005 Low
EPSS
Percentile
16.5%
A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument “password” of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.
Affected configurations
References
bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1739
github.com/advisories/GHSA-923p-fr2c-g5m2
github.com/ansible/ansible/issues/67797
lists.debian.org/debian-lts-announce/2020/05/msg00005.html
lists.fedoraproject.org/archives/list/[email protected]/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/
lists.fedoraproject.org/archives/list/[email protected]/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/
lists.fedoraproject.org/archives/list/[email protected]/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/
nvd.nist.gov/vuln/detail/CVE-2020-1739
www.debian.org/security/2021/dsa-4950
Related
3.3 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:P/A:N
3.9 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
0.0005 Low
EPSS
Percentile
16.5%