redhat/ansible_tower: The latest CVE Vulnerabilities and Exploits for Penetration Test

redhat/ansible_tower Vulnerability Summary

• Vendor name: redhat
• Product name: ansible_tower
• Total vulnerabilities: 65 (as 2023-05-04)

redhat/ansible_tower Vulnerability List

CVE-2021-3583: A flaw was found in Ansible, where a user’s controller is vulnerable to template injection. This…

Published: 2021-09-22T12:15:00 Last Modified: 2021-10-05T16:12:00

Summary

A flaw was found in Ansible, where a user’s controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity.

Common Weakness Enumeration (CWE): CWE-77: Improper Neutralization of Special Elements used in a Command (‘Command Injection’)

CWE Description: The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

Scores

• Impact Score: 4.9
• Exploitability Score: 3.9
• CVSS: 3.6
• CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: PARTIAL

Access

• Authentication: NONE
• Complexity: LOW
• Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-3583 vulnerability.

References

• https://bugzilla.redhat.com/show_bug.cgi?id=1968412

See also: All popular products CVE Vulnerabilities of redhat

CVE-2021-3532: A flaw was found in Ansible where the secret information present in async_files are getting…

Published: 2021-06-09T12:15:00 Last Modified: 2021-06-21T16:54:00

Summary

A flaw was found in Ansible where the secret information present in async_files are getting disclosed when the user changes the jobdir to a world readable directory. Any secret information in an async status file will be readable by a malicious user on that system. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

• Impact Score: 2.9
• Exploitability Score: 8.6
• CVSS: 4.3
• CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: MEDIUM
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3532 vulnerability.

References

• https://bugzilla.redhat.com/show_bug.cgi?id=1956464

See also: All popular products CVE Vulnerabilities of redhat

CVE-2021-3533: A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a…

Published: 2021-06-09T12:15:00 Last Modified: 2021-06-17T17:21:00

Summary

A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory. When this occurs, there is a race condition on the managed machine. A malicious, non-privileged account on the remote machine can exploit the race condition to access the async result data. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2.

Common Weakness Enumeration (CWE): CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition

CWE Description: The software checks the state of a resource before using that resource, but the resource’s state can change between the check and the use in a way that invalidates the results of the check. This can cause the software to perform invalid actions when the resource is in an unexpected state.

Scores

• Impact Score: 2.9
• Exploitability Score: 1.9
• CVSS: 1.2
• CVSS Vector: AV:L/AC:H/Au:N/C:P/I:N/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: HIGH
• Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-3533 vulnerability.

References

• https://bugzilla.redhat.com/show_bug.cgi?id=1956477

See also: All popular products CVE Vulnerabilities of redhat

CVE-2020-14327: A Server-side request forgery (SSRF) flaw was found in Ansible Tower in versions before 3.6.5 and…

Published: 2021-05-27T20:15:00 Last Modified: 2021-06-07T18:41:00

Summary

A Server-side request forgery (SSRF) flaw was found in Ansible Tower in versions before 3.6.5 and before 3.7.2. Functionality on the Tower server is abused by supplying a URL that could lead to the server processing it. This flaw leads to the connection to internal services or the exposure of additional internal services by abusing the test feature of lookup credentials to forge HTTP/HTTPS requests from the server and retrieving the results of the response.

Common Weakness Enumeration (CWE): CWE-918: Server-Side Request Forgery (SSRF)

CWE Description: This entry has been deprecated. It originally came from PLOVER, which sometimes defined “other” and “miscellaneous” categories in order to satisfy exhaustiveness requirements for taxonomies. Within the context of CWE, the use of a more abstract entry is preferred in mapping situations. CWE-75 is a more appropriate mapping.

Scores

• Impact Score: 2.9
• Exploitability Score: 3.9
• CVSS: 2.1
• CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-14327 vulnerability.

References

• https://bugzilla.redhat.com/show_bug.cgi?id=1856785

See also: All popular products CVE Vulnerabilities of redhat

CVE-2020-14328: A flaw was found in Ansible Tower in versions before 3.7.2. A Server Side Request Forgery flaw…

Published: 2021-05-27T20:15:00 Last Modified: 2021-06-07T18:37:00

Summary

A flaw was found in Ansible Tower in versions before 3.7.2. A Server Side Request Forgery flaw can be abused by supplying a URL which could lead to the server processing it connecting to internal services or exposing additional internal services and more particularly retrieving full details in case of error. The highest threat from this vulnerability is to data confidentiality.

Common Weakness Enumeration (CWE): CWE-918: Server-Side Request Forgery (SSRF)

CWE Description: This entry has been deprecated. It originally came from PLOVER, which sometimes defined “other” and “miscellaneous” categories in order to satisfy exhaustiveness requirements for taxonomies. Within the context of CWE, the use of a more abstract entry is preferred in mapping situations. CWE-75 is a more appropriate mapping.

Scores

• Impact Score: 2.9
• Exploitability Score: 3.9
• CVSS: 2.1
• CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-14328 vulnerability.

References

• https://bugzilla.redhat.com/show_bug.cgi?id=1856786

See also: All popular products CVE Vulnerabilities of redhat

CVE-2020-14329: A data exposure flaw was found in Ansible Tower in versions before 3.7.2, where sensitive data…

Published: 2021-05-27T20:15:00 Last Modified: 2021-06-07T18:37:00

Summary

A data exposure flaw was found in Ansible Tower in versions before 3.7.2, where sensitive data can be exposed from the /api/v2/labels/ endpoint. This flaw allows users from other organizations in the system to retrieve any label from the organization and also disclose organization names. The highest threat from this vulnerability is to confidentiality.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

• Impact Score: 2.9
• Exploitability Score: 3.9
• CVSS: 2.1
• CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-14329 vulnerability.

References

• https://bugzilla.redhat.com/show_bug.cgi?id=1856787

See also: All popular products CVE Vulnerabilities of redhat

CVE-2020-10697: A flaw was found in Ansible Tower when running Openshift. Tower runs a memcached, which is…

Published: 2021-05-27T19:15:00 Last Modified: 2021-06-08T01:47:00

Summary

A flaw was found in Ansible Tower when running Openshift. Tower runs a memcached, which is accessed via TCP. An attacker can take advantage of writing a playbook polluting this cache, causing a denial of service attack. This attack would not completely stop the service, but in the worst-case scenario, it can reduce the Tower performance, for which memcached is designed. Theoretically, more sophisticated attacks can be performed by manipulating and crafting the cache, as Tower relies on memcached as a place to pull out setting values. Confidential and sensitive data stored in memcached should not be pulled, as this information is encrypted. This flaw affects Ansible Tower versions before 3.6.4, Ansible Tower versions before 3.5.6 and Ansible Tower versions before 3.4.6.

Common Weakness Enumeration (CWE): CWE-862: Missing Authorization

CWE Description: The software does not perform an authorization check when an actor attempts to access a resource or perform an action.

Scores

• Impact Score: 4.9
• Exploitability Score: 3.9
• CVSS: 3.6
• CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: PARTIAL
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-10697 vulnerability.

References

• https://bugzilla.redhat.com/show_bug.cgi?id=1818445

See also: All popular products CVE Vulnerabilities of redhat

CVE-2020-10698: A flaw was found in Ansible Tower when running jobs. This flaw allows an attacker to access the…

Published: 2021-05-27T19:15:00 Last Modified: 2021-06-07T20:07:00

Summary

A flaw was found in Ansible Tower when running jobs. This flaw allows an attacker to access the stdout of the executed jobs which are run from other organizations. Some sensible data can be disclosed. However, critical data should not be disclosed, as it should be protected by the no_log flag when debugging is enabled. This flaw affects Ansible Tower versions before 3.6.4, Ansible Tower versions before 3.5.6 and Ansible Tower versions before 3.4.6.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

• Impact Score: 2.9
• Exploitability Score: 3.9
• CVSS: 2.1
• CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-10698 vulnerability.

References

• https://bugzilla.redhat.com/show_bug.cgi?id=1818924

See also: All popular products CVE Vulnerabilities of redhat

CVE-2020-10709: A security flaw was found in Ansible Tower when requesting an OAuth2 token with an OAuth2…

Published: 2021-05-27T19:15:00 Last Modified: 2021-06-08T01:45:00

Summary

A security flaw was found in Ansible Tower when requesting an OAuth2 token with an OAuth2 application. Ansible Tower uses the token to provide authentication. This flaw allows an attacker to obtain a refresh token that does not expire. The original token granted to the user still has access to Ansible Tower, which allows any user that can gain access to the token to be fully authenticated to Ansible Tower. This flaw affects Ansible Tower versions before 3.6.4 and Ansible Tower versions before 3.5.6.

Common Weakness Enumeration (CWE): CWE-672: Operation on a Resource after Expiration or Release

CWE Description: The software uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked.

Scores

• Impact Score: 4.9
• Exploitability Score: 3.9
• CVSS: 3.6
• CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: PARTIAL

Access

• Authentication: NONE
• Complexity: LOW
• Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-10709 vulnerability.

References

• https://bugzilla.redhat.com/show_bug.cgi?id=1824033

See also: All popular products CVE Vulnerabilities of redhat

CVE-2021-20191: A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by…

Published: 2021-05-26T21:15:00 Last Modified: 2021-06-03T13:59:00

Summary

A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.

Common Weakness Enumeration (CWE): CWE-532: Insertion of Sensitive Information into Log File

CWE Description: This entry has been deprecated because its abstraction was too low-level. See CWE-532.

Scores

• Impact Score: 2.9
• Exploitability Score: 3.9
• CVSS: 2.1
• CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-20191 vulnerability.

References

• https://bugzilla.redhat.com/show_bug.cgi?id=1916813

See also: All popular products CVE Vulnerabilities of redhat

CVE-2021-20178: A flaw was found in ansible module where credentials are disclosed in the console log by default…

Published: 2021-05-26T12:15:00 Last Modified: 2021-06-03T15:57:00

Summary

A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.

Common Weakness Enumeration (CWE): CWE-532: Insertion of Sensitive Information into Log File

CWE Description: This entry has been deprecated because its abstraction was too low-level. See CWE-532.

Scores

• Impact Score: 2.9
• Exploitability Score: 3.9
• CVSS: 2.1
• CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-20178 vulnerability.

References

• https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes ,
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37/
• https://bugzilla.redhat.com/show_bug.cgi?id=1914774
• https://github.com/ansible-collections/community.general/pull/1635 ,

See also: All popular products CVE Vulnerabilities of redhat

CVE-2021-20228: A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and…

Published: 2021-04-29T16:15:00 Last Modified: 2021-12-10T19:56:00

Summary

A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.

Common Weakness Enumeration (CWE): CWE-522: Insufficiently Protected Credentials

CWE Description: The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Scores

• Impact Score: 2.9
• Exploitability Score: 10.0
• CVSS: 5.0
• CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-20228 vulnerability.

References

• https://bugzilla.redhat.com/show_bug.cgi?id=1925002
• https://github.com/ansible/ansible/pull/73487
• https://www.debian.org/security/2021/dsa-4950

See also: All popular products CVE Vulnerabilities of redhat

CVE-2021-3447: A flaw was found in several ansible modules, where parameters containing credentials, such as…

Published: 2021-04-01T18:15:00 Last Modified: 2021-06-03T13:47:00

Summary

A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the no_log feature. An attacker can take advantage of this information to steal those credentials, provided when they have access to the log files containing them. The highest threat from this vulnerability is to data confidentiality. This flaw affects Red Hat Ansible Automation Platform in versions before 1.2.2 and Ansible Tower in versions before 3.8.2.

Common Weakness Enumeration (CWE): CWE-532: Insertion of Sensitive Information into Log File

CWE Description: This entry has been deprecated because its abstraction was too low-level. See CWE-532.

Scores

• Impact Score: 2.9
• Exploitability Score: 3.9
• CVSS: 2.1
• CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-3447 vulnerability.

References

• https://bugzilla.redhat.com/show_bug.cgi?id=1939349
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RUTGO4RS4ZXZSPBU2CHVPT75IAFVTTL3/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MS4VPUYVLGSAKOX26IT52BSMEZRZ3KS/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBZ75MAMVQVZROPYHMRDQKPPVASP63DG/

See also: All popular products CVE Vulnerabilities of redhat

CVE-2021-20253: A flaw was found in ansible-tower. The default installation is vulnerable to Job Isolation escape…

Published: 2021-03-09T18:15:00 Last Modified: 2021-06-02T16:35:00

Summary

A flaw was found in ansible-tower. The default installation is vulnerable to Job Isolation escape allowing an attacker to elevate the privilege from a low privileged user to the awx user from outside the isolated environment. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Common Weakness Enumeration (CWE): CWE-552: Files or Directories Accessible to External Parties

CWE Description: The product makes files or directories accessible to unauthorized actors, even though they should not be.

Scores

• Impact Score: 6.4
• Exploitability Score: 1.5
• CVSS: 3.5
• CVSS Vector: AV:L/AC:H/Au:S/C:P/I:P/A:P

Impact

• Availability: PARTIAL
• Confidentiality: PARTIAL
• Integrity: PARTIAL

Access

• Authentication: SINGLE
• Complexity: HIGH
• Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-20253 vulnerability.

References

• https://bugzilla.redhat.com/show_bug.cgi?id=1928847

See also: All popular products CVE Vulnerabilities of redhat

CVE-2020-14365: A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine…

Published: 2020-09-23T13:15:00 Last Modified: 2021-08-07T15:15:00

Summary

A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code executed via package installation scripts. The highest threat from this vulnerability is to integrity and system availability.

Common Weakness Enumeration (CWE): CWE-347: Improper Verification of Cryptographic Signature

CWE Description: The software does not verify, or incorrectly verifies, the cryptographic signature for data.

Scores

• Impact Score: 9.2
• Exploitability Score: 3.9
• CVSS: 6.6
• CVSS Vector: AV:L/AC:L/Au:N/C:N/I:C/A:C

Impact

• Availability: COMPLETE
• Confidentiality: NONE
• Integrity: COMPLETE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-14365 vulnerability.

References

• https://bugzilla.redhat.com/show_bug.cgi?id=1869154
• https://www.debian.org/security/2021/dsa-4950

See also: All popular products CVE Vulnerabilities of redhat

CVE-2020-14337: A data exposure flaw was found in Tower, where sensitive data was revealed from the HTTP return…

Published: 2020-07-31T13:15:00 Last Modified: 2020-08-11T17:03:00

Summary

A data exposure flaw was found in Tower, where sensitive data was revealed from the HTTP return error codes. This flaw allows an unauthenticated, remote attacker to retrieve pages from the default organization and verify existing usernames. The highest threat from this vulnerability is to data confidentiality.

Common Weakness Enumeration (CWE): CWE-209: Generation of Error Message Containing Sensitive Information

CWE Description: The software generates an error message that includes sensitive information about its environment, users, or associated data.

Scores

• Impact Score: 2.9
• Exploitability Score: 10.0
• CVSS: 5.0
• CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-14337 vulnerability.

References

• https://bugzilla.redhat.com/show_bug.cgi?id=1859139

See also: All popular products CVE Vulnerabilities of redhat

CVE-2020-10782: An exposure of sensitive information flaw was found in Ansible version 3.7.0. Sensitive…

Published: 2020-06-18T13:15:00 Last Modified: 2021-10-26T20:06:00

Summary

An exposure of sensitive information flaw was found in Ansible version 3.7.0. Sensitive information, such tokens and other secrets could be readable and exposed from the rsyslog configuration file, which has set the wrong world-readable permissions. The highest threat from this vulnerability is to confidentiality. This is fixed in Ansible version 3.7.1.

Common Weakness Enumeration (CWE): CWE-732: Incorrect Permission Assignment for Critical Resource

CWE Description: The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

Scores

• Impact Score: 2.9
• Exploitability Score: 3.9
• CVSS: 2.1
• CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-10782 vulnerability.

References

• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10782

See also: All popular products CVE Vulnerabilities of redhat

CVE-2020-10744: An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary…

Published: 2020-05-15T14:15:00 Last Modified: 2020-05-29T14:10:00

Summary

An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9.9 as well as previous versions are affected and Ansible Tower 3.4.5, 3.5.6 and 3.6.4 as well as previous versions are affected.

Common Weakness Enumeration (CWE): CWE-668: Exposure of Resource to Wrong Sphere

CWE Description: The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

Scores

• Impact Score: 6.4
• Exploitability Score: 1.9
• CVSS: 3.7
• CVSS Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P

Impact

• Availability: PARTIAL
• Confidentiality: PARTIAL
• Integrity: PARTIAL

Access

• Authentication: NONE
• Complexity: HIGH
• Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-10744 vulnerability.

References

• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10744

See also: All popular products CVE Vulnerabilities of redhat

CVE-2020-1746: A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and…

Published: 2020-05-12T18:15:00 Last Modified: 2021-10-19T14:14:00

Summary

A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

• Impact Score: 2.9
• Exploitability Score: 3.4
• CVSS: 1.9
• CVSS Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: MEDIUM
• Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-1746 vulnerability.

References

• https://github.com/ansible/ansible/pull/67866
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1746
• https://www.debian.org/security/2021/dsa-4950

See also: All popular products CVE Vulnerabilities of redhat

CVE-2020-10685: A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and…

Published: 2020-05-11T14:15:00 Last Modified: 2021-12-21T12:40:00

Summary

A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the s ts unencrypted. On Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decryp emains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted ble.

Common Weakness Enumeration (CWE): CWE-459: Incomplete Cleanup

CWE Description: The software does not properly “clean up” and remove temporary or supporting resources after they have been used.

Scores

• Impact Score: 2.9
• Exploitability Score: 3.4
• CVSS: 1.9
• CVSS Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: MEDIUM
• Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-10685 vulnerability.

References

• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10685
• https://github.com/ansible/ansible/pull/68433
• https://security.gentoo.org/glsa/202006-11
• https://www.debian.org/security/2021/dsa-4950

See also: All popular products CVE Vulnerabilities of redhat

CVE-2020-10691: An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when…

Published: 2020-04-30T17:15:00 Last Modified: 2020-05-21T14:49:00

Summary

An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file within the system.

Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)

CWE Description: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Scores

• Impact Score: 4.9
• Exploitability Score: 3.9
• CVSS: 3.6
• CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: PARTIAL

Access

• Authentication: NONE
• Complexity: LOW
• Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-10691 vulnerability.

References

• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10691
• https://github.com/ansible/ansible/pull/68596

See also: All popular products CVE Vulnerabilities of redhat

CVE-2019-14905: A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8,…

Published: 2020-03-31T17:15:00 Last Modified: 2021-11-02T18:09:00

Summary

A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible’s nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues.

Common Weakness Enumeration (CWE): CWE-668: Exposure of Resource to Wrong Sphere

CWE Description: The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

Scores

• Impact Score: 6.4
• Exploitability Score: 3.9
• CVSS: 4.6
• CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact

• Availability: PARTIAL
• Confidentiality: PARTIAL
• Integrity: PARTIAL

Access

• Authentication: NONE
• Complexity: LOW
• Vector: LOCAL

Currently, there is no code for exploiting the CVE-2019-14905 vulnerability.

References

• https://access.redhat.com/errata/RHSA-2020:0218
• https://access.redhat.com/errata/RHSA-2020:0216
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5BNCYPQ4BY5QHBCJOAOPANB5FHATW2BR/
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14905
• http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html
• http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html

See also: All popular products CVE Vulnerabilities of redhat

CVE-2020-10684: A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9…

Published: 2020-03-24T14:15:00 Last Modified: 2021-12-20T22:54:00

Summary

A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker could take advantage of this by altering the ansible_facts, such as ansible_hosts, users and any other key data which would lead into privilege escalation or code injection.

Common Weakness Enumeration (CWE): CWE-862: Missing Authorization

CWE Description: The software does not perform an authorization check when an actor attempts to access a resource or perform an action.

Scores

• Impact Score: 4.9
• Exploitability Score: 3.9
• CVSS: 3.6
• CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: PARTIAL

Access

• Authentication: NONE
• Complexity: LOW
• Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-10684 vulnerability.

References

• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10684
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/
• https://security.gentoo.org/glsa/202006-11
• https://www.debian.org/security/2021/dsa-4950

See also: All popular products CVE Vulnerabilities of redhat

CVE-2020-1738: A flaw was found in Ansible Engine when the module package or service is used and the parameter…

Published: 2020-03-16T16:15:00 Last Modified: 2021-08-04T17:14:00

Summary

A flaw was found in Ansible Engine when the module package or service is used and the parameter ‘use’ is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.

Common Weakness Enumeration (CWE): CWE-88: Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’)

CWE Description: The software constructs a string for a command to executed by a separate componentin another control sphere, but it does not properly delimit theintended arguments, options, or switches within that command string.

Scores

• Impact Score: 4.9
• Exploitability Score: 1.9
• CVSS: 2.6
• CVSS Vector: AV:L/AC:H/Au:N/C:N/I:P/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: PARTIAL

Access

• Authentication: NONE
• Complexity: HIGH
• Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-1738 vulnerability.

References

• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1738
• https://github.com/ansible/ansible/issues/67796
• https://security.gentoo.org/glsa/202006-11

See also: All popular products CVE Vulnerabilities of redhat

CVE-2020-1740: A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a…

Published: 2020-03-16T16:15:00 Last Modified: 2021-08-07T15:15:00

Summary

A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes “ansible-vault edit”, another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.

Common Weakness Enumeration (CWE): CWE-377: Insecure Temporary File

CWE Description: Creating and using insecure temporary files can leave application and system data vulnerable to attack.

Scores

• Impact Score: 2.9
• Exploitability Score: 3.4
• CVSS: 1.9
• CVSS Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: MEDIUM
• Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-1740 vulnerability.

References

• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1740
• https://github.com/ansible/ansible/issues/67798
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/
• https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html
• https://security.gentoo.org/glsa/202006-11
• https://www.debian.org/security/2021/dsa-4950

See also: All popular products CVE Vulnerabilities of redhat

CVE-2020-1735: A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept…

Published: 2020-03-16T16:15:00 Last Modified: 2021-08-07T15:15:00

Summary

A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.

Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)

CWE Description: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Scores

• Impact Score: 4.9
• Exploitability Score: 3.9
• CVSS: 3.6
• CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: PARTIAL

Access

• Authentication: NONE
• Complexity: LOW
• Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-1735 vulnerability.

References

• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1735
• https://github.com/ansible/ansible/issues/67793
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/
• https://security.gentoo.org/glsa/202006-11
• https://www.debian.org/security/2021/dsa-4950

See also: All popular products CVE Vulnerabilities of redhat

CVE-2020-1736: A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file…

Published: 2020-03-16T16:15:00 Last Modified: 2021-08-04T17:14:00

Summary

A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This could lead to the disclosure of sensitive data. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.

Common Weakness Enumeration (CWE): CWE-732: Incorrect Permission Assignment for Critical Resource

CWE Description: The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

Scores

• Impact Score: 2.9
• Exploitability Score: 3.9
• CVSS: 2.1
• CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-1736 vulnerability.

References

• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1736
• https://github.com/ansible/ansible/issues/67794
• https://security.gentoo.org/glsa/202006-11
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7/

See also: All popular products CVE Vulnerabilities of redhat

CVE-2020-1753: A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all…

Published: 2020-03-16T15:15:00 Last Modified: 2021-08-07T15:15:00

Summary

A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. Sensitive parameters such as passwords and tokens are passed to kubectl from the command line, not using an environment variable or an input configuration file. This will disclose passwords and tokens from process list and no_log directive from debug module would not have any effect making these secrets being disclosed on stdout and log files.

Common Weakness Enumeration (CWE): CWE-214: Invocation of Process Using Visible Sensitive Information

CWE Description: A process is invoked with sensitive command-line arguments, environment variables, or other elements that can be seen by other processes on the operating system.

Scores

• Impact Score: 2.9
• Exploitability Score: 3.9
• CVSS: 2.1
• CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-1753 vulnerability.

References

• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1753
• https://github.com/ansible-collections/kubernetes/pull/51
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/
• https://security.gentoo.org/glsa/202006-11
• https://www.debian.org/security/2021/dsa-4950

See also: All popular products CVE Vulnerabilities of redhat

CVE-2020-1739: A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a…

Published: 2020-03-12T18:15:00 Last Modified: 2021-08-07T15:15:00

Summary

A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument “password” of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

• Impact Score: 4.9
• Exploitability Score: 3.4
• CVSS: 3.3
• CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: PARTIAL

Access

• Authentication: NONE
• Complexity: MEDIUM
• Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-1739 vulnerability.

References

• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1739
• https://github.com/ansible/ansible/issues/67797
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/
• https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html
• https://www.debian.org/security/2021/dsa-4950

See also: All popular products CVE Vulnerabilities of redhat

CVE-2020-1733: A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and…

Published: 2020-03-11T19:15:00 Last Modified: 2021-08-07T15:15:00

Summary

A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with “umask 77 && mkdir -p