CVE-2020-25635 — MEDIUM (5.0)

Vulnerability Description

A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. This issue affects directly data confidentiality.

CVSS Score

5.0

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Redhat	Ansible	2.10.1

Related Weaknesses (CWE)

CWE-212

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25635Issue TrackingVendor Advisory
https://github.com/ansible-collections/community.aws/issues/222Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25635Issue TrackingVendor Advisory
https://github.com/ansible-collections/community.aws/issues/222Third Party Advisory

FAQ

What is CVE-2020-25635?

CVE-2020-25635 is a vulnerability with a CVSS score of 5.0 (MEDIUM). A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. Thi...

How severe is CVE-2020-25635?

CVE-2020-25635 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-25635?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Ansible.