CVE-2020-10744: Exposure of Resource to Wrong Sphere

May 15, 2020 (updated May 29, 2020)

An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems.

References

bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10744
nvd.nist.gov/vuln/detail/CVE-2020-10744

Detect and mitigate CVE-2020-10744 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →