CVE-2020-1735: Path Traversal in Ansible
CVSS Score: 4.6 (CVSS v3.1)
Basic Information
CVE ID: CVE-2020-1735
GHSA ID
EPSS Score: 0.13631%
CWE
Published: 4/7/2021
Updated: 9/9/2024
KEV Status: No
Technology: Python
Technical Details
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
ansible | pip | >= 2.7.0a1, < 2.7.18 | 2.7.18 |
ansible | pip | >= 2.8.0a1, < 2.8.12 | 2.8.12 |
ansible | pip | >= 2.9.0a1, < 2.9.8 | 2.9.8 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from how the fetch action plugin (fetch.py) derives the local destination path for a fetched file. The code took the 'source' value from the managed host's slurp response (remote_source) and used it to lay out the destination under dest without validating it. Because that value is produced on the managed host, a compromised host, or an attacker able to tamper with the module response, could return a 'source' containing directory traversal sequences (../) and thereby choose where on the controller the fetched content was written, outside the intended dest directory. This matches the CVSS vector above: the attacker needs a foothold on a managed host (AV:L, PR:H) and the impact lands on a different component, the controller (S:C). The GitHub issue (#67793) and commit diff show the fix involved avoiding slurp return values for destination setup and adding path safety checks, confirming the vulnerable pattern was in the destination path construction logic of the fetch action module.
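The following is an added illustration of the pattern described above, not code from Ansible or from the fix in #67793. It reproduces the flawed idea (laying out the local path from the remote-supplied 'source') beside a hardened version that builds the path from the controller-side src argument and checks containment. The slurp-style replies, the dest directory, the hostname and the `is_within` containment check are all constructed for this example; the check is this example's own safety net and is not a quote of the upstream patch.

```python
import posixpath

# Constructed sample data (not real Ansible output). These mimic slurp-style
# replies from a managed host; a compromised host, or anyone who can tamper
# with the module response, controls every field, including 'source'.
DEST_DIR = "/var/backups"          # dest: argument the playbook author chose
HOST = "web01"                     # inventory_hostname of the managed host
REQUESTED_SRC = "/etc/hostname"    # src: argument the playbook author chose

BENIGN_REPLY = {"source": "/etc/hostname", "content": "d2ViMDEK", "encoding": "base64"}
MALICIOUS_REPLY = {
    # Traversal smuggled into the remote-supplied path: three '..' climb from
    # /var/backups/web01 back to '/', so the write lands in a home directory.
    "source": "/../../../home/operator/.ssh/authorized_keys",
    "content": "c3NoLXJzYSBBQUFBLi4uIGF0dGFja2VyCg==",
    "encoding": "base64",
}


def vulnerable_dest(dest_dir, host, reply):
    """Flawed pattern: trust the remote's 'source' when laying out the local path.

    Mirrors a non-flat fetch layout of <dest>/<hostname>/<remote path>.
    Stripping the leading '/' does nothing about '..' components, so after
    normalisation the result can point anywhere the controller user can write.
    """
    remote_source = reply["source"]
    candidate = posixpath.join(dest_dir, host, remote_source.lstrip("/"))
    return posixpath.normpath(candidate)


def is_within(root, path):
    """Lexical containment check: True if path is root or lies beneath it."""
    root = posixpath.normpath(root)
    path = posixpath.normpath(path)
    return posixpath.commonpath([root, path]) == root


def hardened_dest(dest_dir, host, requested_src, reply):
    """Fixed pattern: build the path from the controller-side src argument and
    never consult reply['source'] for layout, then confirm containment.

    The containment check is a hypothetical safety net added for this example;
    it also rejects a traversal written into the playbook argument itself.
    """
    candidate = posixpath.join(dest_dir, host, requested_src.lstrip("/"))
    resolved = posixpath.normpath(candidate)
    if not is_within(dest_dir, resolved):
        raise ValueError("refusing to write outside %s: %s" % (dest_dir, resolved))
    return resolved


if __name__ == "__main__":
    print("vulnerable, benign reply:   ", vulnerable_dest(DEST_DIR, HOST, BENIGN_REPLY))
    print("vulnerable, malicious reply:", vulnerable_dest(DEST_DIR, HOST, MALICIOUS_REPLY))
    print("hardened, malicious reply:  ", hardened_dest(DEST_DIR, HOST, REQUESTED_SRC, MALICIOUS_REPLY))
```

The check here is purely lexical (posixpath.normpath plus commonpath), which is enough to show why a remote-controlled path must not steer the layout. A real implementation should additionally resolve the candidate with os.path.realpath before the containment test, because a symlink already present under dest can redirect a lexically contained path elsewhere.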