What is CVE-2020-1737?

CVE-2020-1737 is a high-severity vulnerability in Red Hat Ansible, classified under Path Traversal. CVSS score: 7.5/10. Published 2020-03-09.

How severe is CVE-2020-1737?

High severity. CVSS v3 base score is 7.5 out of 10.

Path Traversal in Red Hat Ansible

CVE-2020-1737

A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.002 (36.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H.

Affected products

Red Hat Ansible — versions 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior

Weakness classification (CWE)

CWE-22 — Path Traversal

References

bugzilla.redhat.com/show_bug.cgi (x_refsource_CONFIRM)
github.com/ansible/ansible/issues/67795 (x_refsource_MISC)
FEDORA-2020-a3f12bcff4 (vendor-advisory, x_refsource_FEDORA)
FEDORA-2020-0cab7041f7 (vendor-advisory, x_refsource_FEDORA)
FEDORA-2020-87f5e1e829 (vendor-advisory, x_refsource_FEDORA)
GLSA-202006-11 (vendor-advisory, x_refsource_GENTOO)

Frequently asked questions

What is CVE-2020-1737?: CVE-2020-1737 is a high-severity vulnerability in Red Hat Ansible, classified under Path Traversal. CVSS score: 7.5/10. Published 2020-03-09.
How severe is CVE-2020-1737?: High severity. CVSS v3 base score is 7.5 out of 10.