CVE-2020-25636

high

Description

A flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace separation for file transfers. Files are written directly to the root bucket, making possible to have collisions when running multiple ansible processes. This issue affects mainly the service availability.

References

https://github.com/ansible-collections/community.aws/issues/221

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25636

Details

Source: Mitre, NVD

Published: 2020-10-05

Updated: 2023-11-07

Risk Information

CVSS v2

Base Score: 3.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:P

Severity: Low

CVSS v3

Base Score: 7.1

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Severity: High