CVE-2020-25635Improper Removal of Sensitive Information Before Storage or Transfer in Redhat Ansible

CWE-212Improper Removal of Sensitive Information Before Storage or Transfer8 documents7 sources
Severity
5.5MEDIUMNVD
CNA5.0
EPSS
0.1%
top 76.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Redhat AnsibleAWS Community Community Collections
Timeline
PublishedOct 5
Latest updateOct 31

Description

A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. This issue affects directly data confidentiality.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

PyPIredhat/ansible< 2.10.1
NVDredhat/ansible2.10.1
CVEListV5aws_community/community_collectionsfrom 1.0.0 to 1.2.0

🔴Vulnerability Details

4
GHSA
Ansible does not collect garbage after playbook run2025-10-31
OSV
Ansible does not collect garbage after playbook run2025-10-31
CVEList
CVE-2020-25635: A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed2020-10-05
OSV
CVE-2020-25635: A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed2020-10-05

📋Vendor Advisories

2
Red Hat
Collections: aws_ssm connection plugin should garbage collect the s3 bucket after the file transfers2020-09-04
Debian
CVE-2020-25635: ansible - A flaw was found in Ansible Base when using the aws_ssm connection plugin as gar...2020

💬Community

1
Bugzilla
CVE-2020-25635 Collections: aws_ssm connection plugin should garbage collect the s3 bucket after the file transfers2020-09-18
CVE-2020-25635 — Redhat Ansible vulnerability | cvebase