CVE-2020-10744 vulnerability in Red Hat Products
Published on May 15, 2020
An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9.9 as well as previous versions are affected and Ansible Tower 3.4.5, 3.5.6 and 3.6.4 as well as previous versions are affected.
Vulnerability Analysis
CVE-2020-10744 is exploitable with local system access, requires user interaction and a small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be low. considered to have a small impact on confidentiality and integrity and availability.
Weakness Type
Insecure Temporary File
Creating and using insecure temporary files can leave application and system data vulnerable to attack.
Products Associated with CVE-2020-10744
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-10744 are published in these products:
Affected Versions
Red Hat ansible:- Version ansible-engine 2.7.18 and prior is affected.
- Version ansible-engine 2.8.12 and prior is affected.
- Version ansible-engine 2.9.9 and prior is affected.
- Version ansible-tower 3.4.5 and prior is affected.
- Version ansible-tower 3.5.6 and prior is affected.
- Version ansible-tower 3.6.4 and prior is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.