4.6
CVE-2020-1735
- EPSS 0.14%
- Veröffentlicht 16.03.2020 16:15:13
- Zuletzt bearbeitet 21.11.2024 05:11:16
- Quelle secalert@redhat.com
- Teams Watchlist Login
- Unerledigt Login
A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Ansible Tower Version <= 3.3.4
Redhat ≫ Ansible Tower Version >= 3.3.5 <= 3.4.5
Redhat ≫ Ansible Tower Version >= 3.5.0 <= 3.5.5
Redhat ≫ Ansible Tower Version >= 3.6.0 <= 3.6.3
Redhat ≫ Cloudforms Management Engine Version5.0
Debian ≫ Debian Linux Version10.0
Fedoraproject ≫ Fedora Version30
Fedoraproject ≫ Fedora Version31
Fedoraproject ≫ Fedora Version32
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.352 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.6 | 1.5 | 2.7 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 3.6 | 3.9 | 4.9 |
AV:L/AC:L/Au:N/C:P/I:P/A:N
|
| secalert@redhat.com | 4.2 | 1.1 | 2.7 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
|
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.