Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-25636

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-05 Oct, 2020 | 12:51
Updated At-04 Aug, 2024 | 15:40
Rejected At-
Credits

A flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace separation for file transfers. Files are written directly to the root bucket, making possible to have collisions when running multiple ansible processes. This issue affects mainly the service availability.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:05 Oct, 2020 | 12:51
Updated At:04 Aug, 2024 | 15:40
Rejected At:
▼CVE Numbering Authority (CNA)

A flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace separation for file transfers. Files are written directly to the root bucket, making possible to have collisions when running multiple ansible processes. This issue affects mainly the service availability.

Affected Products
Vendor
AWS Community
Product
Community Collections
Versions
Affected
  • from 1.0.0 to 1.2.0
Problem Types
TypeCWE IDDescription
CWECWE-552CWE-552
CWECWE-377CWE-377
Type: CWE
CWE ID: CWE-552
Description: CWE-552
Type: CWE
CWE ID: CWE-377
Description: CWE-377
Metrics
VersionBase scoreBase severityVector
3.16.6MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
Version: 3.1
Base score: 6.6
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25636
x_refsource_CONFIRM
https://github.com/ansible-collections/community.aws/issues/221
x_refsource_MISC
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25636
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/ansible-collections/community.aws/issues/221
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25636
x_refsource_CONFIRM
x_transferred
https://github.com/ansible-collections/community.aws/issues/221
x_refsource_MISC
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25636
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://github.com/ansible-collections/community.aws/issues/221
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:05 Oct, 2020 | 13:15
Updated At:07 Nov, 2023 | 03:20

A flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace separation for file transfers. Files are written directly to the root bucket, making possible to have collisions when running multiple ansible processes. This issue affects mainly the service availability.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.1HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Secondary3.16.6MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
Primary2.03.6LOW
AV:L/AC:L/Au:N/C:N/I:P/A:P
Type: Primary
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 6.6
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
Type: Primary
Version: 2.0
Base score: 3.6
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:N/I:P/A:P
CPE Matches
Red Hat, Inc.
redhat
>>ansible>>2.10.1
cpe:2.3:a:redhat:ansible:2.10.1:rc2:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-552Primarynvd@nist.gov
CWE-377Secondarysecalert@redhat.com
CWE-552Secondarysecalert@redhat.com
CWE ID: CWE-552
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-377
Type: Secondary
Source: secalert@redhat.com
CWE ID: CWE-552
Type: Secondary
Source: secalert@redhat.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25636secalert@redhat.com
Issue Tracking
Vendor Advisory
https://github.com/ansible-collections/community.aws/issues/221secalert@redhat.com
Third Party Advisory
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25636
Source: secalert@redhat.com
Resource:
Issue Tracking
Vendor Advisory
Hyperlink: https://github.com/ansible-collections/community.aws/issues/221
Source: secalert@redhat.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

64Records found
CVE-2021-4112
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.04% / 8.74%
||
7 Day CHG~0.00%
Published-25 Aug, 2022 | 19:35
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape. This flaw allows an attacker to elevate the privilege from a low privileged user to an AWX user from outside the isolated environment.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-ansible_automation_platform_text-only_advisoriesansible_automation_platformansible_automation_platform_early_accessenterprise_linuxansible_toweransible-tower
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2017-15104
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.08% / 25.46%
||
7 Day CHG~0.00%
Published-18 Dec, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file.

Action-Not Available
Vendor-heketi_projectHeketiRed Hat, Inc.
Product-enterprise_linuxheketiHeketi
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2016-3715
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-88.97% / 99.50%
||
7 Day CHG~0.00%
Published-05 May, 2016 | 18:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.

Action-Not Available
Vendor-n/aSUSEopenSUSERed Hat, Inc.Oracle CorporationCanonical Ltd.ImageMagick Studio LLC
Product-enterprise_linux_serversolarisenterprise_linux_for_ibm_z_systems_eusenterprise_linux_for_power_little_endian_eusenterprise_linux_eusmanager_proxyenterprise_linux_for_power_big_endian_eusopenstack_cloudenterprise_linux_for_power_little_endianlinux_enterprise_desktopmanagerenterprise_linux_server_supplementary_euslinuxenterprise_linux_for_power_big_endianlinux_enterprise_software_development_kitenterprise_linux_server_ausenterprise_linux_for_ibm_z_systemsenterprise_linux_hpc_nodeleapopensuseenterprise_linux_desktopimagemagickubuntu_linuxenterprise_linux_server_tusenterprise_linux_workstationenterprise_linux_server_from_rhuilinux_enterprise_workstation_extensionenterprise_linux_hpc_node_euslinux_enterprise_serverlinux_enterprise_debuginfon/aImageMagick
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2021-20253
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.28% / 50.77%
||
7 Day CHG~0.00%
Published-09 Mar, 2021 | 17:14
Updated-03 Aug, 2024 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in ansible-tower. The default installation is vulnerable to Job Isolation escape allowing an attacker to elevate the privilege from a low privileged user to the awx user from outside the isolated environment. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-ansible_toweransible-tower
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2015-1350
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.57%
||
7 Day CHG~0.00%
Published-02 May, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program.

Action-Not Available
Vendor-n/aRed Hat, Inc.Linux Kernel Organization, Inc
Product-enterprise_linuxlinux_kernelenterprise_mrgn/a
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2020-1726
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.16% / 37.71%
||
7 Day CHG~0.00%
Published-11 Feb, 2020 | 19:45
Updated-04 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with an attached volume that is used for the first time, it is possible to trigger the flaw and overwrite files in the volume.This issue was introduced in version 1.6.0.

Action-Not Available
Vendor-libpod_projectTheRed Hat, Inc.
Product-libpodopenshift_container_platformenterprise_linuxpodman
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2018-19637
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
CVSS Score-2.8||LOW
EPSS-0.04% / 10.76%
||
7 Day CHG~0.00%
Published-05 Mar, 2019 | 16:00
Updated-16 Sep, 2024 | 20:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Static temporary filename allows overwriting of files

Supportutils, before version 3.1-5.7.1, wrote data to static file /tmp/supp_log, allowing local attackers to overwrite files on systems without symlink protection

Action-Not Available
Vendor-openSUSESUSE
Product-supportutilssupportutils
CWE ID-CWE-377
Insecure Temporary File
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2018-17955
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
CVSS Score-2.2||LOW
EPSS-0.04% / 10.76%
||
7 Day CHG~0.00%
Published-15 Mar, 2019 | 20:00
Updated-16 Sep, 2024 | 23:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Static tempfile name allows overwriting of arbitrary files

In yast2-multipath before version 4.1.1 a static temporary filename allows local attackers to overwrite files on systems without symlink protection

Action-Not Available
Vendor-openSUSESUSE
Product-yast2-multipathyast2-multipath
CWE ID-CWE-377
Insecure Temporary File
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2021-1512
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.06% / 20.06%
||
7 Day CHG~0.00%
Published-06 May, 2021 | 12:42
Updated-08 Nov, 2024 | 23:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco SD-WAN Software Arbitrary File Corruption Vulnerability

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system of an affected system. This vulnerability is due to insufficient validation of the user-supplied input parameters of a specific CLI command. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content in any arbitrary files that reside on the underlying host file system.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-vedge_2000vedge_100_firmwarevedge_100mvedge_5000_firmwarevedge_1000_firmwarevedge_5000vsmart_controllervedge_100b_firmwarevedge_100wm_firmwarevedge_2000_firmwarevedge_1000vedge_100bcatalyst_sd-wan_managervedge_cloudvedge-100b_firmwarevsmart_controller_firmwaresd-wan_vbond_orchestratorvedge-100bvedge_100m_firmwarevedge_100sd-wan_vmanagevedge_cloud_firmwarevedge_100wmCisco SD-WAN Solution
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2021-1256
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.03% / 6.71%
||
7 Day CHG~0.00%
Published-29 Apr, 2021 | 17:30
Updated-08 Nov, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Firepower Threat Defense Software Command File Overwrite Vulnerability

A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite files on the file system of an affected device by using directory traversal techniques. A successful exploit could cause system instability if important system files are overwritten. This vulnerability is due to insufficient validation of user input for the file path in a specific CLI command. An attacker could exploit this vulnerability by logging in to a targeted device and issuing a specific CLI command with crafted user input. A successful exploit could allow the attacker to overwrite arbitrary files on the file system of the affected device. The attacker would need valid user credentials on the device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_threat_defenseCisco Firepower Threat Defense Software
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-3476
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.06% / 20.06%
||
7 Day CHG~0.00%
Published-24 Sep, 2020 | 17:52
Updated-13 Nov, 2024 | 17:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Arbitrary File Overwrite Vulnerability

A vulnerability in the CLI implementation of a specific command of Cisco IOS XE Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying host file system. The vulnerability is due to insufficient validation of the parameters of a specific CLI command. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content of any arbitrary file that resides on the underlying host file system.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-iosCisco IOS XE Software
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2022-21945
Matching Score-4
Assigner-SUSE
ShareView Details
Matching Score-4
Assigner-SUSE
CVSS Score-5.1||MEDIUM
EPSS-0.04% / 10.63%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 10:05
Updated-17 Sep, 2024 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
cscreen: usage of fixed path /tmp/cscreen.debug

A Insecure Temporary File vulnerability in cscreen of openSUSE Factory allows local attackers to cause DoS for cscreen and a system DoS for non-default systems. This issue affects: openSUSE Factory cscreen version 1.2-1.3 and prior versions.

Action-Not Available
Vendor-openSUSE
Product-factorycscreenFactory
CWE ID-CWE-377
Insecure Temporary File
CVE-2020-1991
Matching Score-4
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Palo Alto Networks, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 9.33%
||
7 Day CHG~0.00%
Published-08 Apr, 2020 | 18:41
Updated-17 Sep, 2024 | 00:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Traps: Insecure temporary file vulnerability may allow privilege escalation on Windows

An insecure temporary file vulnerability in Palo Alto Networks Traps allows a local authenticated Windows user to escalate privileges or overwrite system files. This issue affects Palo Alto Networks Traps 5.0 versions before 5.0.8; 6.1 versions before 6.1.4 on Windows. This issue does not affect Cortex XDR 7.0. This issue does not affect Traps for Linux or MacOS.

Action-Not Available
Vendor-Palo Alto Networks, Inc.Microsoft Corporation
Product-windowstrapsCortex XDRTraps
CWE ID-CWE-377
Insecure Temporary File
CWE ID-CWE-269
Improper Privilege Management
CVE-2017-15111
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 17.08%
||
7 Day CHG~0.00%
Published-20 Jan, 2018 | 00:00
Updated-17 Sep, 2024 | 02:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

keycloak-httpd-client-install versions before 0.8 insecurely creates temporary file allowing local attackers to overwrite other files via symbolic link.

Action-Not Available
Vendor-keycloak-httpd-client-install_projectjdennis
Product-keycloak-httpd-client-installkeycloak-httpd-client-install
CWE ID-CWE-377
Insecure Temporary File
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
  • Previous
  • 1
  • 2
  • Next
Details not found