Candidate: CVE-2020-1739
PublicDate: 2020-03-12 18:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1739
 https://bugzilla.redhat.com/show_bug.cgi?id=1802178
Description:
 A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5
 and prior when a password is set with the argument "password" of svn
 module, it is used on svn command line, disclosing to other users within
 the same node. An attacker could take advantage by reading the cmdline file
 from that particular PID on the procfs.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N [3.9 LOW]


Patches_ansible:
upstream_ansible: released (2.9.7+dfsg-1, 1.7.2+dfsg-2+deb9u3)
precise/esm_ansible: DNE
trusty_ansible: ignored (out of standard support)
trusty/esm_ansible: needed
xenial_ansible: ignored (end of standard support, was needed)
bionic_ansible: needed
eoan_ansible: ignored (reached end-of-life)
focal_ansible: needed
groovy_ansible: not-affected (2.9.7+dfsg-1)
hirsute_ansible: not-affected (2.9.7+dfsg-1)
impish_ansible: not-affected (2.9.7+dfsg-1)
jammy_ansible: not-affected (2.9.7+dfsg-1)
devel_ansible: not-affected (2.9.7+dfsg-1)