Home > Vulnerability Database > CVE-2020-1739

Mend.io Vulnerability Database

CVE-2020-1739

Good to know:

Date: March 12, 2020

A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.

Language: Python

Severity Score

3.9

Related Resources (24)

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7

Url: https://www.debian.org/security/2021/dsa-4950

Url: https://github.com/advisories/GHSA-923p-fr2c-g5m2

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3

Url: https://github.com/ansible/ansible/pull/68911

Url: https://github.com/ansible/ansible/pull/68913

Url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1739

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/

Url: https://github.com/ansible/ansible/pull/68912

Url: https://github.com/ansible/ansible/commit/1a89d4f059c21a818306a39ada7f5284ae125237

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/

Url: https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html

Url: https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-11.yaml

Url: https://github.com/ansible/ansible

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-1739

Url: https://github.com/ansible/ansible/issues/67797

Url: https://github.com/ansible/ansible/commit/6c74a298702c8bb5532b9600073312e08f39680f

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/

Url: https://github.com/ansible/ansible/commit/c6c4fbf4a1fdea1e10ba94462a60c413990a16a4

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/

Url: https://www.mend.io/vulnerability-database/CVE-2020-1739

Severity Score

3.9

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

Top Fix

Upgrade Version

Upgrade to version ansible - 2.7.17,2.8.9,2.9.6

Learn More

CVSS v3.1

Base Score:	3.9
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	3.3
Access Vector (AV):	LOCAL
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-1739

Good to know:

Date: March 12, 2020

Language: Python

Severity Score

Related Resources (24)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?