CVE-2020-25636 Information

Description

A flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace separation for file transfers. Files are written directly to the root bucket making possible to have collisions when running multiple ansible processes. This issue affects mainly the service availability.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25636 https://github.com/ansible-collections/community.aws/issues/221

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.1