redhat ansible CVE-2020-1735 vulnerability in Red Hat and Other Products
Published on March 16, 2020

product logo product logo product logo
A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Vulnerability Analysis

CVE-2020-1735 can be exploited with local system access, requires user interaction and user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
HIGH
User Interaction:
REQUIRED
Scope:
CHANGED
Confidentiality Impact:
LOW
Integrity Impact:
LOW
Availability Impact:
NONE

Weakness Type

What is a Directory traversal Vulnerability?

The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

CVE-2020-1735 has been classified to as a Directory traversal vulnerability or weakness.


Products Associated with CVE-2020-1735

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-1735 are published in these products:

Red Hat Ansible
 
Red Hat Ansible Tower
 
Red Hat Cloudforms Management Engine
 
Red Hat Openstack
 
Debian Linux
 
Fedora Project Fedora
 

Affected Versions

Red Hat ansible Version 2.7.x, 2.8.x, 2.9.x is affected by CVE-2020-1735

Exploit Probability

EPSS
0.14%
Percentile
35.23%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.