CVE-2020-10744
PUBLISHED
The fix for CVE-2020-1733 (ansible: insecure temporary directory when running become_user from become directive) was found to be incomplete. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9.9 and earlier versions are affected, as are Ansible Tower 3.4.5, 3.5.6, and 3.6.4 and earlier versions.
EPSS 0.04% · 11.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:20.04:LTS | ansible | 0, 2.9.4+dfsg-1, 2.9.6+dfsg-1 |
| Ubuntu:Pro:16.04:LTS | ansible | 2.0.0.2-2ubuntu1.3, 1.9.4-1, 0 |
| Ubuntu:Pro:18.04:LTS | ansible | 2.3.1.0+dfsg-2, 2.5.0+dfsg-1, 2.5.1+dfsg-1ubuntu0.1 |
Timeline
- May 15, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-10744 third-party-advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1835566 third-party-advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10744 third-party-advisory
- https://ubuntu.com/security/notices/USN-5315-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-10744 third-party-advisory