DEBIAN-CVE-2020-1738

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/DEBIAN-CVE-2020-1738

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2020-1738.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2020-1738

Upstream

CVE-2020-1738

Published

2020-03-16T16:15:14Z

Modified

2025-09-18T05:20:11Z

Summary

[none]

Details

A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.

References

https://security-tracker.debian.org/tracker/CVE-2020-1738

Affected packages

Debian:11 / ansible

Package

Name: ansible
Purl: pkg:deb/debian/ansible?arch=source

Affected ranges

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / ansible

Package

Name: ansible
Purl: pkg:deb/debian/ansible?arch=source

Affected ranges

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / ansible

Package

Name: ansible
Purl: pkg:deb/debian/ansible?arch=source

Affected ranges

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:14 / ansible

Package

Name: ansible
Purl: pkg:deb/debian/ansible?arch=source

Affected ranges

Ecosystem specific

{
    "urgency": "unimportant"
}