Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2020-10744

Date: May 15, 2020

An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9.9 as well as previous versions are affected and Ansible Tower 3.4.5, 3.5.6 and 3.6.4 as well as previous versions are affected.

Language: Python

Severity Score

Related Resources (10)

https://nvd.nist.gov/vuln/detail/CVE-2020-10744
https://github.com/ansible/ansible
https://github.com/ansible/ansible/issues/69782
https://github.com/ansible/ansible/commit/ffd3757fc35468a97791e452e7f2d14c3e3fcb80
https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-208.yaml
https://github.com/ansible/ansible/commit/77d0effcc5b2da1ef23e4ba32986a9759c27c10d
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10744
https://github.com/advisories/GHSA-vp9j-rghq-8jhh
https://github.com/ansible/ansible/commit/84afa8e90cd168ff13208c8eae3e533ce7e21e1f
https://www.mend.io/vulnerability-database/CVE-2020-10744

Severity Score

Weakness Type (CWE)

Exposure of Resource to Wrong Sphere

CWE-668

Race Conditions

CWE-362

Insecure Temporary File

CWE-377

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): HIGH
Privileges Required (PR): LOW
User Interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): LOW

CVSS v2

Base Score:
Access Vector (AV): LOCAL
Access Complexity (AC): HIGH
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us