How severe is CVE-2020-1733?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5 out of 10.

What type of vulnerability is CVE-2020-1733?

This is classified as CWE-377, which is a common weakness in software security.

CVE-2020-1733

MEDIUM Year: 2020

CVSS v3 Score

5.0

Medium

CVSS v2 Score

3.7

Low

Weakness Type

CWE-377

View all →

Vulnerability Description

A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with "umask 77 && mkdir -p <dir>"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating '/proc/<pid>/cmdline'.

CVE-2020-10744

MEDIUM

CVSS:5.0(Medium)

An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the ...

CWE-3772020

CVE-2024-34490

MEDIUM

CVSS:5.1(Medium)

In Maxima through 5.47.0 before 51704c, the plotting facilities make use of predictable names under /tmp. Thus, the contents may be controlled by a local attacker who can create files in advance with ...

CWE-3772024

CVE-2018-19638

MEDIUM

CVSS:4.7(Medium)

In supportutils, before version 3.1-5.7.1 and if pacemaker is installed on the system, an unprivileged user could have overwritten arbitrary files in the directory that is used by supportutils to coll...

CWE-3772018

CVE-2018-6704

MEDIUM

CVSS:4.7(Medium)

Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command execution via specific conditions.

CWE-3772018

CVE-2020-1740

MEDIUM

CVSS:4.7(Medium)

A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, a...

CWE-3772020

CVE-2020-35451

MEDIUM

CVSS:4.7(Medium)

There is a race condition in OozieSharelibCLI in Apache Oozie before version 5.2.1 which allows a malicious attacker to replace the files in Oozie's sharelib during it's creation.

CWE-3772020

CVE-2020-1733

Vulnerability Description

Related Vulnerabilities

CVE-2020-10744

CVE-2024-34490

CVE-2018-19638

CVE-2018-6704

CVE-2020-1740

CVE-2020-35451