CVE-2020-1738

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-1738

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-1738.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-1738

Aliases

Downstream

DEBIAN-CVE-2020-1738

OESA-2021-1349

SUSE-SU-2020:3309-1

UBUNTU-CVE-2020-1738

openSUSE-SU-2022:0081-1

openSUSE-SU-2024:10615-1

openSUSE-SU-2024:14244-1

openSUSE-SU-2024:14536-1

Related

Published

2020-03-16T16:15:14Z

Modified

2025-10-07T23:32:04.119914Z

Severity

3.9 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L CVSS Calculator

Summary

[none]

Details

A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.

References

Affected packages

Git / github.com/ansible/ansible

Affected ranges

Type: GIT
Repo: https://github.com/ansible/ansible
Events: Last affected

8fd406ee8e3a14be72b3cbbfe91d03fe35952f95

Introduced

24325a05dfb9104d6d4ec8b488b89e07c2e6d376

Last affected

9388be4269bdf83406bfa9245142de8b7dc8cfbc

Introduced

2611867fd1dc387ceaa0ffb8ce0f030aafc2a859

Last affected

d28e4b63c7b70acbaf0a1fedd53c91b6686574a0

Affected versions

v2.*

v2.8.0

v2.8.1

v2.8.2

v2.8.3

v2.8.4

v2.8.5

v2.8.6

v2.8.7

v2.8.8

v2.9.0

v2.9.1

v2.9.2

v2.9.3

v2.9.4

v2.9.5