Lucene search
Redhat.comRH:CVE-2020-1738HistoryFeb 18, 2020 - 2:30 p.m.
CVE-2020-1738
2020-02-1814:30:17
redhat.com
access.redhat.com
7
0.0005 Low
EPSS
Percentile
17.4%
A flaw was found in Ansible Engine when the module package or service is used and the parameter ‘use’ is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file.
Mitigation
Specify the parameter 'use' when possible on the package and service modules. Avoid using Ansible Collections on Ansible 2.8.9 or 2.7.16 (and any of the previous versions) as they are not rejecting python with no path (already fixed in 2.9.x).
Related
osv
osv
PYSEC-2020-10
2020-03-16 16:15:00
CVE-2020-1738
2020-03-16 16:15:14
Argument Injection in Ansible
2022-02-09 22:00:04
nvd
nvd
CVE-2020-1738
2020-03-16 16:15:14
cve
cve
CVE-2020-1738
2020-03-16 16:15:14
ubuntucve
ubuntucve
CVE-2020-1738
2020-03-16 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2020-02-28 05:00:46
prion
prion
Design/Logic Flaw
2020-03-16 16:15:00
github
github
Argument Injection in Ansible
2022-02-09 22:00:04
debiancve
debiancve
CVE-2020-1738
2020-03-16 16:15:14
cvelist
cvelist
CVE-2020-1738
2020-03-16 15:08:03
nessus
nessus
Photon OS 2.0: Ansible PHSA-2020-2.0-0226
2020-04-10 00:00:00
Photon OS 3.0: Ansible PHSA-2020-3.0-0078
2020-04-21 00:00:00
GLSA-202006-11 : Ansible: Multiple vulnerabilities
2020-06-17 00:00:00
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2020-2.0-0226
2020-04-07 00:00:00
Important Photon OS Security Update - PHSA-2020-0226
2020-04-07 00:00:00
Important Photon OS Security Update - PHSA-2020-0078
2020-04-08 00:00:00
gentoo
gentoo
Ansible: Multiple vulnerabilities
2020-06-13 00:00:00
suse
suse
Security update for ansible (important)
2022-03-16 00:00:00