CVE-2020-10684

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-10684
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-10684.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-10684
Aliases
Downstream
Related
Published
2020-03-24T14:15:12.327Z
Modified
2026-02-24T11:33:33.560095Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVSS Calculator
Summary
[none]
Details

A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansiblefacts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansiblefacts after the clean. An attacker could take advantage of this by altering the ansiblefacts, such as ansiblehosts, users and any other key data which would lead into privilege escalation or code injection.

References

Affected packages

Git / github.com/ansible/ansible

Affected ranges

Type
GIT
Repo
https://github.com/ansible/ansible
Events
Introduced
0a07068054090d5b78b27496aa251be74c484b45
Fixed
f78a5b184c6f8b1bc774ed795a2bd36d38f6506b
Introduced
24325a05dfb9104d6d4ec8b488b89e07c2e6d376
Fixed
9e3ccd64b6a233390cd70c314193b6ba1aacfe21
Introduced
2611867fd1dc387ceaa0ffb8ce0f030aafc2a859
Fixed
668cdc3ce88d9d69093a81271b34c69897ef2b57

Affected versions

v2.*
v2.7.0
v2.7.1
v2.7.10
v2.7.11
v2.7.12
v2.7.13
v2.7.14
v2.7.15
v2.7.16
v2.7.2
v2.7.3
v2.7.4
v2.7.5
v2.7.6
v2.7.7
v2.7.8
v2.7.9
v2.8.0
v2.8.1
v2.8.2
v2.8.3
v2.8.4
v2.8.5
v2.8.6
v2.8.7
v2.8.8
v2.9.0
v2.9.1
v2.9.2
v2.9.3
v2.9.4
v2.9.5

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-10684.json"

Git / gitlab.gnome.org/GNOME/libxml2

Affected ranges

Type
GIT
Repo
https://gitlab.gnome.org/GNOME/libxml2
Events
Introduced
38bbd3412d1c2a2016cf5a1a221ad4010216d28e
Fixed
4b4d3d85165e6bfca23893cf98834c4bc747a96c

Affected versions

Other
CVE-2013-2877
CVE-2014-0191
CVE-2014-3660
CVE-2015-1819
CVE-2015-5312
CVE-2015-7497
CVE-2015-7498
CVE-2015-7499-1
CVE-2015-7499-2
CVE-2015-7500
CVE-2015-7941_1
CVE-2015-7941_2
CVE-2015-7942
CVE-2015-7942-2
CVE-2015-8035
CVE-2015-8242
CVE-2015-8317
CVE-2016-1762
CVE-2016-1833
CVE-2016-1834
CVE-2016-1835
CVE-2016-1836
CVE-2016-1837
CVE-2016-1838
CVE-2016-1839
CVE-2016-1840
CVE-2016-3627
CVE-2016-3705
CVE-2016-4449
CVE-2016-4483
v2.*
v2.9.0
v2.9.1
v2.9.2
v2.9.2-rc1
v2.9.2-rc2
v2.9.3
v2.9.4
v2.9.4-rc1
v2.9.4-rc2
v2.9.5
v2.9.5-rc1
v2.9.5-rc2
v2.9.6-rc1

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-10684.json"