You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.
CVE-2020-1738 - Low Severity Vulnerability
Vulnerable Libraries - ansible-2.2.3.0.tar.gz, ansible-2.5.4.tar.gz
ansible-2.2.3.0.tar.gz
Radically simple IT automation
Library home page: https://files.pythonhosted.org/packages/ba/41/83e024cdf5ca3b53c14261f268da7512ca395b893cab98c0639f9644b6b7/ansible-2.2.3.0.tar.gz
Path to dependency file: yugabyte-db/cloud/kubernetes/yb-multiregion-k8s
Path to vulnerable library: yugabyte-db/cloud/kubernetes/yb-multiregion-k8s,yugabyte-db/managed/devops/python_requirements.txt
Dependency Hierarchy:
ansible-2.5.4.tar.gz
Radically simple IT automation
Library home page: https://files.pythonhosted.org/packages/6e/95/490f5e39ee7cc7956eecd070610f0a873b97781c9efdbf6098bad2ed3ee0/ansible-2.5.4.tar.gz
Path to dependency file: yugabyte-db/managed/devops/python3_requirements.txt
Path to vulnerable library: yugabyte-db/managed/devops/python3_requirements.txt,yugabyte-db/cloud/kubernetes/yb-multiregion-k8s
Dependency Hierarchy:
Found in HEAD commit: d5a0ed9bff63893a5435e09333d22846f6bb3acc
Found in base branch: master
Vulnerability Details
A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.
Publish Date: 2020-03-16
URL: CVE-2020-1738
CVSS 3 Score Details (3.9)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1738
Release Date: 2020-03-16
Fix Resolution: ansible-engine 2.9.7
The text was updated successfully, but these errors were encountered: