CVE-2020-1736

LOW Year: 2020
CVSS v3 Score
3.3
Low
CVSS v2 Score
2.1
Low
Weakness Type
CWE-732
View all →

Vulnerability Description

A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This could lead to the disclosure of sensitive data. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.

Related Vulnerabilities

CVE-2012-6655

LOW
CVSS:3.3(Low)

An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords.

CWE-7322012

CVE-2016-4983

LOW
CVSS:3.3(Low)

A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files.

CWE-7322016

CVE-2017-1699

LOW
CVSS:3.3(Low)

IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure permissions on certain files it creates. A local attacker could exploit this vulnerability to modify or delete data contained in the files ...

CWE-7322017

CVE-2017-1716

LOW
CVSS:3.3(Low)

IBM Tivoli Workload Scheduler 8.6.0, 9.1.0, and 9.2.0 could disclose sensitive information to a local attacker due to improper permission settings. IBM X-Force ID: 134638.

CWE-7322017

CVE-2018-12209

LOW
CVSS:3.3(Low)

Insufficient access control in User Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.506...

CWE-7322018

CVE-2018-20936

LOW
CVSS:3.3(Low)

cPanel before 68.0.27 allows attackers to read the SRS secret via exim.conf (SEC-308).

CWE-7322018