CVE-2020-1738 : A flaw was found in Ansible Engine when the module package or service is used an

A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.

Published 2020-03-16 16:15:14

Updated 2021-08-04 17:14:47

Source Red Hat, Inc.

View at NVD, CVE.org

Products affected by CVE-2020-1738

Redhat » Openstack » Version: 13
cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*
Matching versions
Redhat » Cloudforms Management Engine » Version: 5.0
cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*
Matching versions
Redhat » Ansible Tower
Versions from including (>=) 3.6.0 and up to, including, (<=) 3.6.3
cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*
Matching versions
Redhat » Ansible Tower
Versions from including (>=) 3.3.5 and up to, including, (<=) 3.4.5
cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*
Matching versions
Redhat » Ansible Tower
Versions up to, including, (<=) 3.3.4
cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*
Matching versions
Redhat » Ansible Tower
Versions from including (>=) 3.5.0 and up to, including, (<=) 3.5.5
cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*
Matching versions
Redhat » Ansible
Versions up to, including, (<=) 2.7.16
cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*
Matching versions
Redhat » Ansible
Versions from including (>=) 2.8.0 and up to, including, (<=) 2.8.8
cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*
Matching versions
Redhat » Ansible
Versions from including (>=) 2.9.0 and up to, including, (<=) 2.9.5
cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2020-1738

EPSS FAQ

0.14%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 30 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-1738

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.6	LOW	AV:L/AC:H/Au:N/C:N/I:P/A:P	1.9	4.9	NIST
Access Vector: Local Access Complexity: High Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: Partial
3.9	LOW	CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L	0.8	2.7	Red Hat, Inc.
Attack Vector: Local Attack Complexity: High Privileges Required: Low User Interaction: Required Scope: Changed Confidentiality: None Integrity: Low Availability: Low
3.9	LOW	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L	0.8	2.7	NIST
Attack Vector: Local Attack Complexity: High Privileges Required: Low User Interaction: Required Scope: Changed Confidentiality: None Integrity: Low Availability: Low

CWE ids for CVE-2020-1738

CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.
Assigned by:
- nvd@nist.gov (Primary)
- secalert@redhat.com (Secondary)

References for CVE-2020-1738

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1738

1802164 – (CVE-2020-1738) CVE-2020-1738 ansible: module package can be selected by the ansible facts
Issue Tracking;Vendor Advisory
https://security.gentoo.org/glsa/202006-11

Ansible: Multiple vulnerabilities (GLSA 202006-11) — Gentoo security

CVEs referencing this url
https://github.com/ansible/ansible/issues/67796

package and service modules allow arbitrary modules to be executed · Issue #67796 · ansible/ansible · GitHub
Third Party Advisory

Jump to

Vulnerability Details : CVE-2020-1738

Products affected by CVE-2020-1738

Exploit prediction scoring system (EPSS) score for CVE-2020-1738

CVSS scores for CVE-2020-1738

CWE ids for CVE-2020-1738

References for CVE-2020-1738