redhat/ansible_engine: The latest CVE Vulnerabilities and Exploits for Penetration Test

Last Updated: 2023-05-04

Page content

redhat/ansible_engine Vulnerability Summary

Vendor name: redhat
Product name: ansible_engine
Total vulnerabilities: 26 (as 2023-05-04)

redhat/ansible_engine Vulnerability List

CVE-2021-3583: A flaw was found in Ansible, where a user’s controller is vulnerable to template injection. This…

Published: 2021-09-22T12:15:00 Last Modified: 2021-10-05T16:12:00

Summary

A flaw was found in Ansible, where a user’s controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity.

Common Weakness Enumeration (CWE): CWE-77: Improper Neutralization of Special Elements used in a Command (‘Command Injection’)

CWE Description: The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

Scores

Impact Score: 4.9
Exploitability Score: 3.9
CVSS: 3.6
CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-3583 vulnerability.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1968412

CVE-2021-3532: A flaw was found in Ansible where the secret information present in async_files are getting…

Published: 2021-06-09T12:15:00 Last Modified: 2021-06-21T16:54:00

Summary

A flaw was found in Ansible where the secret information present in async_files are getting disclosed when the user changes the jobdir to a world readable directory. Any secret information in an async status file will be readable by a malicious user on that system. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3532 vulnerability.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1956464

CVE-2021-3533: A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a…

Published: 2021-06-09T12:15:00 Last Modified: 2021-06-17T17:21:00

Summary

A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory. When this occurs, there is a race condition on the managed machine. A malicious, non-privileged account on the remote machine can exploit the race condition to access the async result data. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2.

Common Weakness Enumeration (CWE): CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition

CWE Description: The software checks the state of a resource before using that resource, but the resource’s state can change between the check and the use in a way that invalidates the results of the check. This can cause the software to perform invalid actions when the resource is in an unexpected state.

Scores

Impact Score: 2.9
Exploitability Score: 1.9
CVSS: 1.2
CVSS Vector: AV:L/AC:H/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: HIGH
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-3533 vulnerability.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1956477

CVE-2020-10729: A flaw was found in the use of insufficiently random values in Ansible. Two random password…

Published: 2021-05-27T19:15:00 Last Modified: 2021-12-10T19:57:00

Summary

A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords are exposed at once for the file. This flaw affects Ansible Engine versions before 2.9.6.

Common Weakness Enumeration (CWE): CWE-330: Use of Insufficiently Random Values

CWE Description: The software uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

Scores

Impact Score: 2.9
Exploitability Score: 3.9
CVSS: 2.1
CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-10729 vulnerability.

References

CVE-2021-20228: A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and…

Published: 2021-04-29T16:15:00 Last Modified: 2021-12-10T19:56:00

Summary

A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.

Common Weakness Enumeration (CWE): CWE-522: Insufficiently Protected Credentials

CWE Description: The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-20228 vulnerability.

References

CVE-2020-14365: A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine…

Published: 2020-09-23T13:15:00 Last Modified: 2021-08-07T15:15:00

Summary

A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code executed via package installation scripts. The highest threat from this vulnerability is to integrity and system availability.

Common Weakness Enumeration (CWE): CWE-347: Improper Verification of Cryptographic Signature

CWE Description: The software does not verify, or incorrectly verifies, the cryptographic signature for data.

Scores

Impact Score: 9.2
Exploitability Score: 3.9
CVSS: 6.6
CVSS Vector: AV:L/AC:L/Au:N/C:N/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: NONE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-14365 vulnerability.

References

CVE-2020-14330: An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module,…

Published: 2020-09-11T18:15:00 Last Modified: 2021-11-02T17:12:00

Summary

An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.

Common Weakness Enumeration (CWE): CWE-116: Improper Encoding or Escaping of Output

CWE Description: The software prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

Scores

Impact Score: 2.9
Exploitability Score: 3.9
CVSS: 2.1
CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-14330 vulnerability.

References

CVE-2020-14332: A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode…

Published: 2020-09-11T18:15:00 Last Modified: 2021-08-07T15:15:00

Summary

A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (–check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality.

Common Weakness Enumeration (CWE): CWE-117: Improper Output Neutralization for Logs

CWE Description: The software does not neutralize or incorrectly neutralizes output that is written to logs.

Scores

Impact Score: 2.9
Exploitability Score: 3.9
CVSS: 2.1
CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-14332 vulnerability.

References

CVE-2020-1746: A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and…

Published: 2020-05-12T18:15:00 Last Modified: 2021-10-19T14:14:00

Summary

A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Scores

Impact Score: 2.9
Exploitability Score: 3.4
CVSS: 1.9
CVSS Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-1746 vulnerability.

References

CVE-2020-10685: A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and…

Published: 2020-05-11T14:15:00 Last Modified: 2021-12-21T12:40:00

Summary

A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the s ts unencrypted. On Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decryp emains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted ble.

Common Weakness Enumeration (CWE): CWE-459: Incomplete Cleanup

CWE Description: The software does not properly “clean up” and remove temporary or supporting resources after they have been used.

Scores

Impact Score: 2.9
Exploitability Score: 3.4
CVSS: 1.9
CVSS Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-10685 vulnerability.

References

CVE-2020-10691: An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when…

Published: 2020-04-30T17:15:00 Last Modified: 2020-05-21T14:49:00

Summary

An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file within the system.

Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)

CWE Description: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Scores

Impact Score: 4.9
Exploitability Score: 3.9
CVSS: 3.6
CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-10691 vulnerability.

References

CVE-2019-14905: A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8,…

Published: 2020-03-31T17:15:00 Last Modified: 2021-11-02T18:09:00

Summary

A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible’s nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues.

Common Weakness Enumeration (CWE): CWE-668: Exposure of Resource to Wrong Sphere

CWE Description: The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

Scores

Impact Score: 6.4
Exploitability Score: 3.9
CVSS: 4.6
CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2019-14905 vulnerability.

References

CVE-2020-1753: A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all…

Published: 2020-03-16T15:15:00 Last Modified: 2021-08-07T15:15:00

Summary

A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. Sensitive parameters such as passwords and tokens are passed to kubectl from the command line, not using an environment variable or an input configuration file. This will disclose passwords and tokens from process list and no_log directive from debug module would not have any effect making these secrets being disclosed on stdout and log files.

Common Weakness Enumeration (CWE): CWE-214: Invocation of Process Using Visible Sensitive Information

CWE Description: A process is invoked with sensitive command-line arguments, environment variables, or other elements that can be seen by other processes on the operating system.

Scores

Impact Score: 2.9
Exploitability Score: 3.9
CVSS: 2.1
CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-1753 vulnerability.

References

CVE-2020-1737: A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the…

Published: 2020-03-09T16:15:00 Last Modified: 2020-06-13T04:15:00

Summary

A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal. This issue is fixed in 2.10.

Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)

Scores

Impact Score: 6.4
Exploitability Score: 3.9
CVSS: 4.6
CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-1737 vulnerability.

References

CVE-2020-1734: A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the…

Published: 2020-03-03T22:15:00 Last Modified: 2020-05-29T14:11:00

Summary

A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.

Common Weakness Enumeration (CWE): CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)

CWE Description: The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Scores

Impact Score: 6.4
Exploitability Score: 1.9
CVSS: 3.7
CVSS Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: HIGH
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-1734 vulnerability.

References

CVE-2019-14858: A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a…

Published: 2019-10-14T15:15:00 Last Modified: 2019-10-24T23:15:00

Summary

A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name to the module will cause the task to fail before the no_log options in the sub parameters are processed. As a result, data in the sub parameter fields will not be masked and will be displayed if Ansible is run with increased verbosity and present in the module invocation arguments for the task.

Common Weakness Enumeration (CWE): CWE-532: Insertion of Sensitive Information into Log File

CWE Description: This entry has been deprecated because its abstraction was too low-level. See CWE-532.

Scores

Impact Score: 2.9
Exploitability Score: 3.9
CVSS: 2.1
CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2019-14858 vulnerability.

References

CVE-2019-14846: In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13,…

Published: 2019-10-08T19:15:00 Last Modified: 2021-08-07T15:15:00

Summary

In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.

Common Weakness Enumeration (CWE): CWE-117: Improper Output Neutralization for Logs

CWE Description: The software does not neutralize or incorrectly neutralizes output that is written to logs.

Scores

Impact Score: 2.9
Exploitability Score: 3.9
CVSS: 2.1
CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2019-14846 vulnerability.

References

CVE-2018-16876: ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in…

Published: 2019-01-03T15:29:00 Last Modified: 2021-08-04T17:15:00

Summary

ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Scores

Impact Score: 2.9
Exploitability Score: 6.8
CVSS: 3.5
CVSS Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: SINGLE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-16876 vulnerability.

References

CVE-2018-16859: Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and…

Published: 2018-11-29T18:29:00 Last Modified: 2019-04-03T09:29:00

Summary

Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for ‘become’ passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the plaintext password. Ansible Engine 2.8 and older are believed to be vulnerable.

Common Weakness Enumeration (CWE): CWE-532: Insertion of Sensitive Information into Log File

CWE Description: This entry has been deprecated because its abstraction was too low-level. See CWE-532.

Scores

Impact Score: 2.9
Exploitability Score: 3.9
CVSS: 2.1
CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2018-16859 vulnerability.

References

CVE-2018-16837: Ansible “User” module leaks any data which is passed on as a parameter to ssh-keygen. This could…

Published: 2018-10-23T15:29:00 Last Modified: 2019-10-03T00:03:00

Summary

Ansible “User” module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those credentials in clear text form for every user which have access just to the process list.

Common Weakness Enumeration (CWE): CWE-311: Missing Encryption of Sensitive Data

CWE Description: The software does not encrypt sensitive or critical information before storage or transmission.

Scores

Impact Score: 2.9
Exploitability Score: 3.9
CVSS: 2.1
CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2018-16837 vulnerability.

References

CVE-2016-8647: An input validation vulnerability was found in Ansible’s mysql_user module before 2.2.1.0, which…

Published: 2018-07-26T14:29:00 Last Modified: 2019-10-09T23:20:00

Summary

An input validation vulnerability was found in Ansible’s mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

Impact Score: 2.9
Exploitability Score: 8.0
CVSS: 4.0
CVSS Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

Impact

Availability: NONE
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: SINGLE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-8647 vulnerability.

References

CVE-2017-7481: Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as…

Published: 2018-07-19T13:29:00 Last Modified: 2021-08-04T17:15:00

Summary

Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as ‘unsafe’ and is not evaluated.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

Impact Score: 6.4
Exploitability Score: 10.0
CVSS: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2017-7481 vulnerability.

References

CVE-2018-10875: A flaw was found in ansible. ansible.cfg is read from the current working directory which can be…

Published: 2018-07-13T22:29:00 Last Modified: 2021-08-04T17:14:00

Summary

A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.

Common Weakness Enumeration (CWE): CWE-426: Untrusted Search Path

CWE Description: The application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application’s direct control.

Scores

Impact Score: 6.4
Exploitability Score: 3.9
CVSS: 4.6
CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2018-10875 vulnerability.

References

CVE-2018-10855: Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed…

Published: 2018-07-03T01:29:00 Last Modified: 2021-08-04T17:14:00

Summary

Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.

Common Weakness Enumeration (CWE): CWE-532: Insertion of Sensitive Information into Log File

CWE Description: This entry has been deprecated because its abstraction was too low-level. See CWE-532.

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-10855 vulnerability.

References

CVE-2018-10874: In ansible it was found that inventory variables are loaded from current working directory when…

Published: 2018-07-02T13:29:00 Last Modified: 2021-08-04T17:14:00

Summary

In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker’s control, allowing to run arbitrary code as a result.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

Impact Score: 6.4
Exploitability Score: 3.9
CVSS: 4.6
CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2018-10874 vulnerability.

References

CVE-2018-7750: transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5,…

Published: 2018-03-13T18:29:00 Last Modified: 2021-12-28T13:15:00

Summary

transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.

Common Weakness Enumeration (CWE): CWE-287: Improper Authentication

CWE Description: When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

Scores

Impact Score: 6.4
Exploitability Score: 10.0
CVSS: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2018-7750 vulnerability.

Paramiko 2.4.1 - Authentication Bypass by Adam Brown at 2018-10-29

References