Home > Vulnerability Database > CVE-2020-10744

Mend.io Vulnerability Database

CVE-2020-10744

Date: May 15, 2020

An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9.9 as well as previous versions are affected and Ansible Tower 3.4.5, 3.5.6 and 3.6.4 as well as previous versions are affected.

Language: Python

Severity Score

5.0

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-10744

Url: https://security-tracker.debian.org/tracker/CVE-2020-10744

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10744

Url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10744

Url: https://www.mend.io/vulnerability-database/CVE-2020-10744

Severity Score

5.0

Weakness Type (CWE)

Exposure of Resource to Wrong Sphere

CWE-668

Race Conditions

CWE-362

CVSS v3.1

Base Score:	5.0
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	3.7
Access Vector (AV):	LOCAL
Access Complexity (AC):	HIGH
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-10744

Date: May 15, 2020

Language: Python

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?