FKIE_CVE-2020-10685

Vulnerability from fkie_nvd - Published: 2020-05-11 14:15 - Updated: 2024-11-21 04:55
Severity ?
5.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the s ts unencrypted. On Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decryp emains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted ble.
References
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10685Issue Tracking, Patch, Vendor Advisory
secalert@redhat.comhttps://github.com/ansible/ansible/pull/68433Patch, Third Party Advisory
secalert@redhat.comhttps://security.gentoo.org/glsa/202006-11Third Party Advisory
secalert@redhat.comhttps://www.debian.org/security/2021/dsa-4950Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10685Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/ansible/ansible/pull/68433Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202006-11Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2021/dsa-4950Third Party Advisory
Impacted products
Vendor Product Version
redhat ansible_engine *
redhat ansible_engine *
redhat ansible_engine *
redhat ansible_tower *
redhat ansible_tower *
redhat ansible_tower *
redhat ceph_storage 2.0
redhat ceph_storage 3.0
redhat openstack 10
redhat openstack 13
redhat openstack 15
redhat storage 3.0
debian debian_linux 10.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:ansible_engine:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C0375B0-E0E4-4132-B985-2DB223E70D83",
              "versionEndExcluding": "2.7.17",
              "versionStartIncluding": "2.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:ansible_engine:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8700FFBF-0D48-4633-AAB2-DB49729D92C6",
              "versionEndExcluding": "2.8.11",
              "versionStartIncluding": "2.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:ansible_engine:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CB17437-BAA5-41DF-B0EB-857441A81804",
              "versionEndExcluding": "2.9.7",
              "versionStartIncluding": "2.9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "80DB70EF-4BFD-43A3-83B9-8B92CF82FED4",
              "versionEndIncluding": "3.4.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2062F74-68D8-4E75-BC69-6038B519F823",
              "versionEndIncluding": "3.5.5",
              "versionStartIncluding": "3.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "342D4A63-0972-413B-BD65-0495DBF1CDFB",
              "versionEndIncluding": "3.6.3",
              "versionStartIncluding": "3.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:ceph_storage:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D07DF15E-FE6B-4DAF-99BB-2147CF7D7EEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:ceph_storage:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "516F4E8E-ED2F-4282-9DAB-D8B378F61258",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E722FEF7-58A6-47AD-B1D0-DB0B71B0C7AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*",
              "matchCriteriaId": "704CFA1A-953E-4105-BFBE-406034B83DED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openstack:15:*:*:*:*:*:*:*",
              "matchCriteriaId": "70108B60-8817-40B4-8412-796A592E4E5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:storage:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "379A5883-F6DF-41F5-9403-8D17F6605737",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the s ts unencrypted. On Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decryp emains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted ble."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un fallo en Ansible Engine que afectaba a Ansible Engine versiones 2.7.x anteriores a 2.7.17 y versiones 2.8.x anteriores a 2.8.11 y versiones 2.9.x anteriores a 2.9.7, as\u00ed como a Ansible Tower versiones anteriores e incluyendo a 3.4.5 y 3.5.5 y 3.6.3 cuando se usan m\u00f3dulos que descifran archivos del almac\u00e9n tales como assemble, script, unarchive, win_copy, aws_s3 o m\u00f3dulos de copia. El directorio temporal que es creado en /tmp deja la s ts sin cifrar. En los sistemas operativos que /tmp no es un tmpfs sino parte de la partici\u00f3n root, el directorio solo es borrado en el arranque y el descifrado permanece cuando el host est\u00e1 apagado. El sistema ser\u00e1 vulnerable cuando el sistema no se est\u00e9 ejecutando. Por lo tanto, los datos descifrados necesitan ser borrados lo antes posible y los datos que normalmente est\u00e1n cifrados disponibles."
    }
  ],
  "id": "CVE-2020-10685",
  "lastModified": "2024-11-21T04:55:51.027",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 1.9,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.3,
        "impactScore": 3.6,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-05-11T14:15:11.853",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10685"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/ansible/ansible/pull/68433"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202006-11"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4950"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10685"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/ansible/ansible/pull/68433"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202006-11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4950"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-459"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-459"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.