Homepage
About Snyk

Information Exposure Affecting ansible package, versions [2.7.0,2.7.17) [2.8.0,2.8.11) [2.9.0,2.9.7)

0.0
medium

Snyk CVSS

    Attack Complexity Low

    Threat Intelligence

    EPSS 0.07% (31st percentile)
Expand this section
NVD
3.3 low
Expand this section
Red Hat
2.2 low

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-PYTHON-ANSIBLE-560365
  • published 16 Mar 2020
  • disclosed 16 Mar 2020
  • credit Unknown
Report a new vulnerability Found a mistake?

Introduced: 16 Mar 2020

CVE-2020-1736 Open this link in a new tab
CWE-200 Open this link in a new tab

How to fix?

Upgrade ansible to version 2.7.17, 2.8.11, 2.9.7 or higher.

Overview

ansible is a simple IT automation system.

Affected versions of this package are vulnerable to Information Exposure. When a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This could lead to the disclosure of sensitive data.