CVE-2020-25636
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
Summary
A flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace separation for file transfers. Files are written directly to the root bucket, making possible to have collisions when running multiple ansible processes. This issue affects mainly the service availability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| AWS Community | Community Collections | from 1.0.0 to 1.2.0 | affected |
Weaknesses
- CWE-552: CWE-552
- CWE-377: CWE-377
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25636
- https://github.com/ansible-collections/community.aws/issues/221
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25636
- https://github.com/ansible-collections/community.aws/issues/221
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.