CVE-2020-1735

Summary

A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.

Affected Software

VendorProductVersion RangeStatus
Red Hatansible2.7.x, 2.8.x, 2.9.xaffected

Weaknesses

  • CWE-22: CWE-22

ADP Enrichment

CVE Program Container

Additional References

References