—

PYSEC-2020-10

상세

A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / ansible

최초 영향 버전: 0 수정 버전: 2.7.17

수정 pip install --upgrade 'ansible>=2.7.17'

참고

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1738 [REPORT]
https://github.com/ansible/ansible/issues/67796 [REPORT]
https://security.gentoo.org/glsa/202006-11 [ADVISORY]
https://github.com/advisories/GHSA-f85h-23mf-2fwh [ADVISORY]