How severe is CVE-2020-1740?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.7 out of 10.

What type of vulnerability is CVE-2020-1740?

This is classified as CWE-377, which is a common weakness in software security.

CVE-2020-1740 - MEDIUM Severity | CVSS 4.7

Vulnerability Description

A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.

Related Vulnerabilities

CVE-2018-19638

MEDIUM

CVSS:4.7(Medium)

In supportutils, before version 3.1-5.7.1 and if pacemaker is installed on the system, an unprivileged user could have overwritten arbitrary files in the directory that is used by supportutils to coll...

CWE-3772018

CVE-2018-6704

MEDIUM

CVSS:4.7(Medium)

Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command execution via specific conditions.

CWE-3772018

CVE-2020-35451

MEDIUM

CVSS:4.7(Medium)

There is a race condition in OozieSharelibCLI in Apache Oozie before version 5.2.1 which allows a malicious attacker to replace the files in Oozie's sharelib during it's creation.

CWE-3772020

CVE-2023-2800

MEDIUM

CVSS:4.7(Medium)

Insecure Temporary File in GitHub repository huggingface/transformers prior to 4.30.0.

CWE-3772023

CVE-2020-10744

MEDIUM

CVSS:5.0(Medium)

An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the ...

CWE-3772020

CVE-2020-1733

MEDIUM

CVSS:5.0(Medium)

A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with b...

CWE-3772020