CVE-2020-1740

LOW

Ansible < 2.7.17 - Insecure Temporary File Handling in Vault Edit

Title source: llm
STIX 2.1

Description

A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.

References (8)

Core 8
Core References
Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1740
Issue Tracking, Third Party Advisory x_refsource_confirm
https://github.com/ansible/ansible/issues/67798
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202006-11
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2021/dsa-4950

Scores

CVSS v3 3.9
EPSS 0.0037
EPSS Percentile 29.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-377 CWE-200
Status published
Products (10)
debian/debian_linux 8.0
debian/debian_linux 10.0
fedoraproject/fedora 30
fedoraproject/fedora 31
fedoraproject/fedora 32
pypi/ansible 0 - 2.7.17PyPI
redhat/ansible < 2.7.17
redhat/ansible_tower < 3.3.4
redhat/cloudforms_management_engine 5.0
redhat/openstack 13
Published Mar 16, 2020
Tracked Since Feb 18, 2026