CVE-2020-1733

CWE-377 CWE-362 — Race Condition CWE-668 — Exposure to Wrong Sphere21 documents9 sources

Severity

5.0MEDIUM

EPSS

0.0%

top 91.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Ansible Redhat Ansible Tower RED HAT Ansible +4 more

Timeline

PublishedMar 11

Latest updateJun 7

Description

A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with "umask 77 && mkdir -p "; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory c…

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:LExploitability: 0.8 | Impact: 3.7

Affected Packages8 packages

▶PyPIansible2.8.0a1 — 2.8.11+2

▶NVDredhat/ansible2.8.0 — 2.8.8+2

▶Debianansible< 2.9.7+dfsg-1+3

▶Ubuntuansible< 2.0.0.2-2ubuntu1.3+esm1+3

▶NVDredhat/ansible_tower3.3.5 — 3.4.5+3

Also affects: Debian Linux 10.0, 8.0, Fedora 30, 31, 32

🔴Vulnerability Details

OSV

ansible vulnerabilities↗2022-06-07

▶

GHSA

Exposure of Resource to Wrong Sphere and Insecure Temporary File in Ansible↗2022-02-09

▶

GHSA

Ansible vulnerable to Exposure of Resource to Wrong Sphere and Insecure Temporary File↗2021-04-20

▶

OSV

Ansible vulnerable to Exposure of Resource to Wrong Sphere and Insecure Temporary File↗2021-04-20

▶

CVEList

CVE-2020-1733: A race condition flaw was found in Ansible Engine 2↗2020-03-11

▶

📋Vendor Advisories

Ubuntu

Ansible vulnerabilities↗2022-06-07

▶

Red Hat

ansible: incomplete fix for CVE-2020-1733↗2020-05-14

▶

Microsoft

An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the ↗2020-05-12

▶

Red Hat

ansible: insecure temporary directory when running become_user from become directive↗2020-02-18

▶

Debian

CVE-2020-1733: ansible - A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and pr...↗2020

▶

💬Community

Bugzilla

CVE-2020-10744 ansible: incomplete fix for CVE-2020-1733 [fedora-all]↗2020-05-14

▶

Bugzilla

CVE-2020-10744 ansible: incomplete fix for CVE-2020-1733 [openstack-rdo]↗2020-05-14

▶

Bugzilla

CVE-2020-10744 ansible: incomplete fix for CVE-2020-1733↗2020-05-14

▶

Bugzilla

CVE-2020-10744 ansible: incomplete fix for CVE-2020-1733 [epel-all]↗2020-05-14

▶

Bugzilla

CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive [openstack-rdo]↗2020-02-27

▶