CVE-2020-10744
Description
An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9.9 as well as previous versions are affected and Ansible Tower 3.4.5, 3.5.6 and 3.6.4 as well as previous versions are affected.
Risk Information
Base Score
5.0
MODERATE
Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L
EPSS Score
Exploitation Probability
0.038
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2020-10744,CVE-2020-1734 are fixed in Python-ansible 2.10.0rc1 | Windows |
| Vulnerabilities CVE-2020-10744,CVE-2020-14332 are fixed in Python-ansible 2.9.12 | Windows |
| Vulnerabilities CVE-2020-10744,CVE-2020-1734 are fixed in Python-ansible for linux 2.10.0rc1 | Linux |
| Vulnerabilities CVE-2020-10744,CVE-2020-14332 are fixed in Python-ansible for linux 2.9.12 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234