PT-2020-6581 · Red Hat+5 · Ansible+5
Samdoran · Published 2020-03-12 · Updated 2026-06-03 · CVE-2020-1739
CVSS v3.1: 3.9 (Low)
Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Ansible versions 2.7.16 and prior
Ansible versions 2.8.8 and prior
Ansible versions 2.9.5 and prior
Description
A flaw was found in Ansible: when a password is set with the password argument of the svn module, it is passed on the svn command line, disclosing it to other users on the same node. An attacker could take advantage of this by reading the cmdline file for that process's PID in procfs. The vulnerability is an information disclosure and could allow an attacker to access confidential data and compromise its integrity.
Recommendations
For Ansible versions 2.7.16 and prior, consider disabling the password argument of the svn module until a patch is available.
For Ansible versions 2.8.8 and prior, restrict access to the svn module to minimize the risk of exploitation.
For Ansible versions 2.9.5 and prior, avoid using the password argument in the svn module until the issue is resolved.
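To check whether a node is affected by the exposure described above, the following added example (not part of the original advisory or of Ansible) parses the NUL-separated argv format of /proc/<pid>/cmdline and reports processes carrying a --password value, with the secret masked. The sample argv, the host name and treating only --password as sensitive are assumptions of this example.

```python
import glob
import os

# Options whose value is a secret when present in argv. "--password" is the svn
# client option; treating only this one as sensitive is this example's assumption.
SECRET_OPTS = {"--password"}

def parse_cmdline(raw: bytes) -> list:
    """Split the NUL-separated argv that procfs exposes as /proc/<pid>/cmdline."""
    if not raw:
        return []  # kernel threads and zombies have an empty cmdline
    return [a.decode("utf-8", "replace") for a in raw.rstrip(b"\0").split(b"\0")]

def redact(argv: list) -> tuple:
    """Return (number of exposed secrets, argv with the secret values masked)."""
    out, hits, i = list(argv), 0, 0
    while i < len(argv):
        opt, eq, _ = argv[i].partition("=")
        if opt in SECRET_OPTS and eq:                   # --password=VALUE
            out[i], hits = opt + "=<redacted>", hits + 1
        elif opt in SECRET_OPTS and i + 1 < len(argv):  # --password VALUE
            out[i + 1], hits = "<redacted>", hits + 1
            i += 1                                      # skip the value just masked
        i += 1
    return hits, out

def scan_proc(pattern: str = "/proc/[0-9]*/cmdline") -> list:
    """Audit the processes visible to the caller; findings never contain the secret."""
    findings = []
    for path in glob.glob(pattern):
        try:
            with open(path, "rb") as fh:
                hits, argv = redact(parse_cmdline(fh.read()))
        except OSError:
            continue  # process exited or access denied
        if hits:
            findings.append((os.path.basename(os.path.dirname(path)), " ".join(argv)))
    return findings

# Constructed sample: argv of a hypothetical svn checkout with the password on the command line.
SAMPLE = (b"svn\0--non-interactive\0--username\0deploy\0--password\0"
          b"EXAMPLE-SECRET\0checkout\0https://svn.example.invalid/repo\0/srv/app\0")

if __name__ == "__main__":
    print(redact(parse_cmdline(SAMPLE)))
    for pid, cmd in scan_proc():
        print(f"pid {pid} exposes a secret in argv: {cmd}")
```

Run as an unprivileged user during a playbook run, any finding shows what other local accounts on that node can also read.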
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Information Disclosure
Affected Products
Alt Linux
Ansible
Ansible-Core
Astra Linux
Linuxmint
Ubuntu