CVE-2020-1735
- Source
- https://cve.org/CVERecord?id=CVE-2020-1735
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-1735.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2020-1735
- Aliases
- Downstream
- Related
- Published
- 2020-03-16T16:15:13.890Z
- Modified
- 2026-04-16T00:05:29.924504251Z
- Severity
-
- 4.6 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.
- Database specific
{ "unresolved_ranges": [ { "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "3.3.4" }, { "introduced": "3.3.5" }, { "last_affected": "3.4.5" }, { "introduced": "3.5.0" }, { "last_affected": "3.5.5" }, { "introduced": "3.6.0" }, { "last_affected": "3.6.3" } ], "cpe": "cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*" }, { "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "5.0" } ], "cpe": "cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*" }, { "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "13" } ], "cpe": "cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*" }, { "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "10.0" } ], "cpe": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*" }, { "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "30" } ], "cpe": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*" }, { "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "31" } ], "cpe": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*" }, { "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "32" } ], "cpe": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*" } ] }- References
-
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/
- https://security.gentoo.org/glsa/202006-11
- https://www.debian.org/security/2021/dsa-4950
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1735
- https://github.com/ansible/ansible/issues/67793
Affected packages
Git / github.com/ansible/ansible
Affected ranges
- Type
- GIT
- Repo
- https://github.com/ansible/ansible
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedIntroducedFixedIntroducedFixed
- Database specific
{ "source": "CPE_FIELD", "extracted_events": [ { "introduced": "0" }, { "fixed": "2.7.17" }, { "introduced": "2.8.0" }, { "fixed": "2.8.11" }, { "introduced": "2.9.0" }, { "fixed": "2.9.7" } ], "cpe": "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*" }
Affected versions
0.*
0.0.1
0.01
0.3
0.7
v1.*
v1.0
v1.1
v1.2
v1.4.0
v1.6.0
v2.*
v2.0.0-0.1.alpha1
v2.0.0-0.2.alpha2
v2.0.0-0.3.beta1
v2.0.0-0.4.beta2
v2.0.0-0.5.beta3
v2.6.0a1
v2.7.0
v2.7.0.a1
v2.7.0b1
v2.7.0rc1
v2.7.0rc2
v2.7.0rc3
v2.7.0rc4
v2.7.1
v2.7.10
v2.7.11
v2.7.12
v2.7.13
v2.7.14
v2.7.15
v2.7.16
v2.7.2
v2.7.3
v2.7.4
v2.7.5
v2.7.6
v2.7.7
v2.7.8
v2.7.9
v2.8.0
v2.8.1
v2.8.10
v2.8.2
v2.8.3
v2.8.4
v2.8.5
v2.8.6
v2.8.7
v2.8.8
v2.8.9
v2.9.0
v2.9.1
v2.9.2
v2.9.3
v2.9.4
v2.9.5
v2.9.6