3.7
CVSSv2

CVE-2020-10744

Published: 15/05/2020 Updated: 29/05/2020
CVSS v2 Base Score: 3.7 | Impact Score: 6.4 | Exploitability Score: 1.9
CVSS v3 Base Score: 5 | Impact Score: 3.7 | Exploitability Score: 0.8
Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Summary

An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9.9 as well as previous versions are affected and Ansible Tower 3.4.5, 3.5.6 and 3.6.4 as well as previous versions are affected.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

redhat ansible

redhat ansible tower

Vendor Advisories

Debian Bug report logs - #966660 ansible: CVE-2020-10744 Package: src:ansible; Maintainer for src:ansible is Harlan Lieberman-Berg <hlieberman@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 1 Aug 2020 11:24:01 UTC Severity: important Tags: security, upstream Found in version ansible/2 ...