CVE-2020-25635
MEDIUMAnsible < 2.10.1 - Sensitive Information Exposure via AWS SSM Connection Plugin
Title source: llmDescription
A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. This issue affects directly data confidentiality.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://github.com/ansible-collections/community.aws/issues/222
Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25635
Scores
CVSS v3
5.0
EPSS
0.0032
EPSS Percentile
23.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-212
Status
published
Products (2)
pypi/ansible
0 - 2.10.1PyPI
redhat/ansible
2.10.1 rc2
Published
Oct 05, 2020
Tracked Since
Feb 18, 2026