How severe is CVE-2020-25636?

CVE-2020-25636 has a CVSS v3 score of 6.6 (MEDIUM).

CVE-2020-25636

Name: ansible
Author: redhat

6.6MEDIUM

A flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace separation for file transfers. Files are written directly to the root bucket, making possible to have

Publicado: 10/5/2020Actualizado: 11/21/2024

Descripción

A flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace separation for file transfers. Files are written directly to the root bucket, making possible to have collisions when running multiple ansible processes. This issue affects mainly the service availability.

Análisis IAImpulsado por IA

Productos Afectados

redhatansible

2.10.1

Referencias

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25636
Issue TrackingVendor Advisory
https://github.com/ansible-collections/community.aws/issues/221
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25636
Issue TrackingVendor Advisory
https://github.com/ansible-collections/community.aws/issues/221
Third Party Advisory