CVE-2020-1739
Severity
3.9 LOW
EPSS
0.0%
top 86.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Mar 12
Latest update: Mar 5
Description
A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior. When a password is set with the "password" argument of the svn module, it is used on the svn command line, disclosing it to other users within the same node. An attacker could take advantage of this by reading the cmdline file for that particular PID on the procfs.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Exploitability: 1.3 | Impact: 2.5
Affected Packages: 7 packages
Also affects: Debian Linux 10.0, 8.0, Fedora 30, 31, 32
Patches
Vulnerability Details: 4
Vendor Advisories: 3
Community: 5
Bugzilla: CVE-2020-2167 openshift/jenkins-plugin: Deserialization in snakeyaml YAML() objects allows for remote code execution (2020-03-24)
Bugzilla: CVE-2020-1739 ansible: svn module leaks password when specified as a parameter [openstack-rdo] (2020-02-27)
Bugzilla: CVE-2020-1739 ansible: svn module leaks password when specified as a parameter [epel-all] (2020-02-20)
Bugzilla: CVE-2020-1739 ansible: svn module leaks password when specified as a parameter [fedora-all] (2020-02-20)