CVE-2020-1735 — Path Traversal in Redhat Ansible
Severity
4.6MEDIUMNVD
CNA4.2
EPSS
0.2%
top 63.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 16
Latest updateApr 7
Description
A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:NExploitability: 1.5 | Impact: 2.7
Affected Packages7 packages
Also affects: Debian Linux 10.0, Fedora 30, 31, 32
Patches
🔴Vulnerability Details
4📋Vendor Advisories
2💬Community
5Bugzilla▶
CVE-2020-27764 ImageMagick: outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c↗2020-11-04
Bugzilla
▶
Bugzilla
▶
Bugzilla
▶