Information Exposure Affecting ansible package, versions [2.7.0,2.7.17) [2.8.0,2.8.11) [2.9.0,2.9.7)
Snyk CVSS
Attack Complexity
Low
Threat Intelligence
EPSS
0.07% (31st
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PYTHON-ANSIBLE-560365
- published 16 Mar 2020
- disclosed 16 Mar 2020
- credit Unknown
Introduced: 16 Mar 2020
CVE-2020-1736 Open this link in a new tabHow to fix?
Upgrade ansible
to version 2.7.17, 2.8.11, 2.9.7 or higher.
Overview
ansible is a simple IT automation system.
Affected versions of this package are vulnerable to Information Exposure. When a file is moved using atomic_move
primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This could lead to the disclosure of sensitive data.