{"api_version":"1","generated_at":"2026-04-22T22:49:13+00:00","cve":"CVE-2020-25636","urls":{"html":"https://cve.report/CVE-2020-25636","api":"https://cve.report/api/cve/CVE-2020-25636.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-25636","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-25636"},"summary":{"title":"CVE-2020-25636","description":"A flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace separation for file transfers. Files are written directly to the root bucket, making possible to have collisions when running multiple ansible processes. This issue affects mainly the service availability.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2020-10-05 13:15:00","updated_at":"2023-11-07 03:20:00"},"problem_types":["CWE-552"],"metrics":[],"references":[{"url":"https://github.com/ansible-collections/community.aws/issues/221","name":"https://github.com/ansible-collections/community.aws/issues/221","refsource":"MISC","tags":["Third Party Advisory"],"title":"aws_ssm connection plugin should namespace its file transfers · Issue #221 · ansible-collections/community.aws · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25636","name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25636","refsource":"CONFIRM","tags":["Issue Tracking","Vendor Advisory"],"title":"1880274 – (CVE-2020-25636) CVE-2020-25636 Collections: aws_ssm connection plugin should namespace its file transfers","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-25636","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25636","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"25636","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"ansible","cpe6":"2.10.1","cpe7":"rc2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"25636","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"ansible","cpe6":"2.10.1","cpe7":"rc2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2020-25636","qid":"691129","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for py (e1b77733-a982-442e-8796-a200571bfcf2)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2020-25636","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"AWS Community","product":{"product_data":[{"product_name":"Community Collections","version":{"version_data":[{"version_value":" from 1.0.0 to 1.2.0"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-552"}]},{"description":[{"lang":"eng","value":"CWE-377"}]}]},"references":{"reference_data":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25636","name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25636","refsource":"CONFIRM"},{"url":"https://github.com/ansible-collections/community.aws/issues/221","refsource":"MISC","name":"https://github.com/ansible-collections/community.aws/issues/221"}]},"description":{"description_data":[{"lang":"eng","value":"A flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace separation for file transfers. Files are written directly to the root bucket, making possible to have collisions when running multiple ansible processes. This issue affects mainly the service availability."}]},"impact":{"cvss":[[{"vectorString":"6.6/CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H","version":"3.0"}]]}},"nvd":{"publishedDate":"2020-10-05 13:15:00","lastModifiedDate":"2023-11-07 03:20:00","problem_types":["CWE-552"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.1,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:P/A:P","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":3.6},"severity":"LOW","exploitabilityScore":3.9,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:ansible:2.10.1:rc2:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"25636","Ordinal":"187053","Title":"CVE-2020-25636","CVE":"CVE-2020-25636","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"25636","Ordinal":"1","NoteData":"A flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace separation for file transfers. Files are written directly to the root bucket, making possible to have collisions when running multiple ansible processes. This issue affects mainly the service availability.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"25636","Ordinal":"2","NoteData":"2020-10-05","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"25636","Ordinal":"3","NoteData":"2020-10-05","Type":"Other","Title":"Modified"}]}}}