CVE-2020-1733

MEDIUM

Ansible Engine <2.7.17, <2.8.9, <2.9.6 - Privilege Escalation

Title source: llm
STIX 2.1

Description

A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with "umask 77 && mkdir -p <dir>"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating '/proc/<pid>/cmdline'.

References (8)

Scores

CVSS v3 5.0
EPSS 0.0003
EPSS Percentile 7.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L

Details

CWE
CWE-362 CWE-377
Status published
Products (10)
debian/debian_linux 8.0
debian/debian_linux 10.0
fedoraproject/fedora 30
fedoraproject/fedora 31
fedoraproject/fedora 32
pypi/ansible 0 - 2.7.17PyPI
redhat/ansible < 2.7.16
redhat/ansible_tower < 3.3.4
redhat/cloudforms_management_engine 5.0
redhat/openstack 13
Published Mar 11, 2020
Tracked Since Feb 18, 2026