What is the severity of CVE-2020-1738?

The severity of CVE-2020-1738 is rated as low, with a severity value of 3.9.

Which versions of Ansible are affected by CVE-2020-1738?

Versions 2.7.x, 2.8.x, and 2.9.x branches of Ansible are affected by CVE-2020-1738.

How can I fix CVE-2020-1738?

To fix CVE-2020-1738, it is recommended to specify the 'use' parameter when using the module package or service in Ansible.

Where can I find more information about CVE-2020-1738?

More information about CVE-2020-1738 can be found at the following references: [Bugzilla](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1738), [GitHub](https://github.com/ansible/ansible/issues/67796), [Gentoo Security](https://security.gentoo.org/glsa/202006-11).

Vulnerability/
CVE-2020-1738

low

3.9

CWE

16/3/2020

4/8/2021

CVE-2020-1738

Q: What is CVE-2020-1738?

CVE-2020-1738 is a vulnerability in Ansible Engine when the module package or service is used without specifying the 'use' parameter.

First published: Mon Mar 16 2020(Updated: )

A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Redhat Ansible	<=2.7.16
Redhat Ansible	>=2.8.0<=2.8.8
Redhat Ansible	>=2.9.0<=2.9.5
Redhat Ansible Tower	<=3.3.4
Redhat Ansible Tower	>=3.3.5<=3.4.5
Redhat Ansible Tower	>=3.5.0<=3.5.5
Redhat Ansible Tower	>=3.6.0<=3.6.3
Redhat Cloudforms Management Engine	=5.0
Redhat Openstack	=13

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2020-1738?
CVE-2020-1738 is a vulnerability in Ansible Engine when the module package or service is used without specifying the 'use' parameter.
What is the severity of CVE-2020-1738?
The severity of CVE-2020-1738 is rated as low, with a severity value of 3.9.
Which versions of Ansible are affected by CVE-2020-1738?
Versions 2.7.x, 2.8.x, and 2.9.x branches of Ansible are affected by CVE-2020-1738.
How can I fix CVE-2020-1738?
To fix CVE-2020-1738, it is recommended to specify the 'use' parameter when using the module package or service in Ansible.
Where can I find more information about CVE-2020-1738?
More information about CVE-2020-1738 can be found at the following references: [Bugzilla](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1738), [GitHub](https://github.com/ansible/ansible/issues/67796), [Gentoo Security](https://security.gentoo.org/glsa/202006-11).

collector/nvd-index
agent/weakness
agent/severity
agent/references
agent/author
agent/tags
agent/type
agent/event
agent/description
agent/last-modified-date
vendor/redhat
canonical/redhat ansible
version/redhat ansible/2.7.16
version/redhat ansible/2.8.0
version/redhat ansible/2.8.8
version/redhat ansible/2.9.0
version/redhat ansible/2.9.5
canonical/redhat ansible tower
version/redhat ansible tower/3.3.4
version/redhat ansible tower/3.3.5
version/redhat ansible tower/3.4.5
version/redhat ansible tower/3.5.0
version/redhat ansible tower/3.5.5
version/redhat ansible tower/3.6.0
version/redhat ansible tower/3.6.3
canonical/redhat cloudforms management engine
version/redhat cloudforms management engine/5.0
canonical/redhat openstack
version/redhat openstack/13

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.