CVE-2020-25636

NameCVE-2020-25636
DescriptionA flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace separation for file transfers. Files are written directly to the root bucket, making possible to have collisions when running multiple ansible processes. This issue affects mainly the service availability.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ansible (PTS)bullseye2.10.7+merged+base+2.10.17+dfsg-0+deb11u1fixed
bullseye (security)2.10.7+merged+base+2.10.17+dfsg-0+deb11u3fixed
bookworm7.7.0+dfsg-3+deb12u1fixed
trixie12.0.0~a6+dfsg-1fixed
forky, sid12.0.0+dfsg-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
ansiblesource(unstable)(not affected)

Notes

- ansible <not-affected> (Vulnerable connection/aws_ssm plugin not included)
https://github.com/ansible-collections/community.aws/issues/221
Search for package or bug name: Reporting problems