rhsa-2020_1544
Vulnerability from csaf_redhat
Published
2020-04-22 14:11
Modified
2024-11-05 22:07
Summary
Red Hat Security Advisory: Ansible security and bug fix update (2.7.17)
Notes
Topic
An update for ansible is now available for Ansible Engine 2.7
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
Ansible is a simple model-driven configuration management, multi-node
deployment, and remote-task execution system. Ansible works over SSH and
does not require any software or daemons to be installed on remote nodes.
Extension modules can be written in any language and are transferred to
managed machines automatically.
The following packages have been upgraded to a newer upstream version:
ansible (2.7.17)
Bug Fix(es):
* CVE-2020-10684 Ansible: code injection when using ansible_facts as a
subkey
* CVE-2020-10685 Ansible: modules which use files encrypted with vault are
not properly cleaned up
* CVE-2020-1733 ansible: insecure temporary directory when running
become_user from become directive
* CVE-2020-1735 ansible: path injection on dest parameter in fetch module
* CVE-2020-1737 ansible: Extract-Zip function in win_unzip module does not
check extracted path
* CVE-2020-1739 ansible: svn module leaks password when specified as a
parameter
* CVE-2020-1740 ansible: secrets readable after ansible-vault edit
* CVE-2020-1746 ansible: Information disclosure issue in ldap_attr and
ldap_entry modules
See:
https://github.com/ansible/ansible/blob/v2.7.17/changelogs/CHANGELOG-v2.7.rst
for details on bug fixes in this release.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for ansible is now available for Ansible Engine 2.7\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Ansible is a simple model-driven configuration management, multi-node\ndeployment, and remote-task execution system. Ansible works over SSH and\ndoes not require any software or daemons to be installed on remote nodes.\nExtension modules can be written in any language and are transferred to\nmanaged machines automatically.\n\nThe following packages have been upgraded to a newer upstream version:\nansible (2.7.17)\n\nBug Fix(es):\n* CVE-2020-10684 Ansible: code injection when using ansible_facts as a\nsubkey\n* CVE-2020-10685 Ansible: modules which use files encrypted with vault are\nnot properly cleaned up\n* CVE-2020-1733 ansible: insecure temporary directory when running\nbecome_user from become directive\n* CVE-2020-1735 ansible: path injection on dest parameter in fetch module\n* CVE-2020-1737 ansible: Extract-Zip function in win_unzip module does not\ncheck extracted path\n* CVE-2020-1739 ansible: svn module leaks password when specified as a\nparameter\n* CVE-2020-1740 ansible: secrets readable after ansible-vault edit\n* CVE-2020-1746 ansible: Information disclosure issue in ldap_attr and\nldap_entry modules\n\nSee:\nhttps://github.com/ansible/ansible/blob/v2.7.17/changelogs/CHANGELOG-v2.7.rst\nfor details on bug fixes in this release.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:1544", "url": "https://access.redhat.com/errata/RHSA-2020:1544" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1801735", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801735" }, { "category": "external", "summary": "1802085", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802085" }, { "category": "external", "summary": "1802154", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802154" }, { "category": "external", "summary": "1802178", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802178" }, { "category": "external", "summary": "1802193", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802193" }, { "category": "external", "summary": "1805491", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805491" }, { "category": "external", "summary": "1814627", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1814627" }, { "category": "external", "summary": "1815519", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815519" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_1544.json" } ], "title": "Red Hat Security Advisory: Ansible security and bug fix update (2.7.17)", "tracking": { "current_release_date": "2024-11-05T22:07:21+00:00", "generator": { "date": "2024-11-05T22:07:21+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2020:1544", "initial_release_date": "2020-04-22T14:11:01+00:00", "revision_history": [ { "date": "2020-04-22T14:11:01+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-04-22T14:11:01+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T22:07:21+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Ansible Engine 2.7 for RHEL 7 Server", "product": { "name": "Red Hat Ansible Engine 2.7 for RHEL 7 Server", "product_id": "7Server-Ansible-2.7", "product_identification_helper": { "cpe": "cpe:/a:redhat:ansible_engine:2.7::el7" } } } ], "category": "product_family", "name": "Red Hat Ansible Engine" }, { "branches": [ { "category": "product_version", "name": "ansible-0:2.7.17-1.el7ae.noarch", "product": { "name": "ansible-0:2.7.17-1.el7ae.noarch", "product_id": "ansible-0:2.7.17-1.el7ae.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ansible@2.7.17-1.el7ae?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "ansible-0:2.7.17-1.el7ae.src", "product": { "name": "ansible-0:2.7.17-1.el7ae.src", "product_id": "ansible-0:2.7.17-1.el7ae.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/ansible@2.7.17-1.el7ae?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "ansible-0:2.7.17-1.el7ae.noarch as a component of Red Hat Ansible Engine 2.7 for RHEL 7 Server", "product_id": "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch" }, "product_reference": "ansible-0:2.7.17-1.el7ae.noarch", "relates_to_product_reference": "7Server-Ansible-2.7" }, { "category": "default_component_of", "full_product_name": { "name": "ansible-0:2.7.17-1.el7ae.src as a component of Red Hat Ansible Engine 2.7 for RHEL 7 Server", "product_id": "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src" }, "product_reference": "ansible-0:2.7.17-1.el7ae.src", "relates_to_product_reference": "7Server-Ansible-2.7" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Damien Aumaitre", "Nicolas Surbayrole" ], "organization": "Quarkslab" } ], "cve": "CVE-2020-1733", "cwe": { "id": "CWE-377", "name": "Insecure Temporary File" }, "discovery_date": "2020-01-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1801735" } ], "notes": [ { "category": "description", "text": "A race condition flaw was found in Ansible Engine when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with \"umask 77 \u0026\u0026 mkdir -p \u003cdir\u003e\"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating \u0027/proc/\u003cpid\u003e/cmdline\u0027.", "title": "Vulnerability description" }, { "category": "summary", "text": "ansible: insecure temporary directory when running become_user from become directive", "title": "Vulnerability summary" }, { "category": "other", "text": "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1733" }, { "category": "external", "summary": "RHBZ#1801735", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801735" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1733", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1733" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1733", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1733" } ], "release_date": "2020-02-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-04-22T14:11:01+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:1544" }, { "category": "workaround", "details": "This issue can be mitigated by mounting the proc filesystem with hidepid=2 option (https://www.kernel.org/doc/Documentation/filesystems/proc.txt). This way only the user used by Ansible will be able to perform the attack as users on the system will be able to access only their processes /proc/$PID/ directories.\n\nAlso note that mounting proc filesystem with hidepid=2 might require re-mounting it on unpatched kernels, due to a kernel bug (see https://unix.stackexchange.com/questions/584054/why-procfs-mount-option-only-working-on-remount), there will be hidepid=3 in the future (https://patchwork.kernel.org/patch/11310217/).", "product_ids": [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L", "version": "3.1" }, "products": [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "ansible: insecure temporary directory when running become_user from become directive" }, { "acknowledgments": [ { "names": [ "Damien Aumaitre", "Nicolas Surbayrole" ], "organization": "Quarkslab" } ], "cve": "CVE-2020-1735", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2020-01-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1802085" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node.", "title": "Vulnerability description" }, { "category": "summary", "text": "ansible: path injection on dest parameter in fetch module", "title": "Vulnerability summary" }, { "category": "other", "text": "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1735" }, { "category": "external", "summary": "RHBZ#1802085", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802085" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1735", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1735" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1735", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1735" } ], "release_date": "2020-02-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-04-22T14:11:01+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:1544" }, { "category": "workaround", "details": "Currently, there is no mitigation for this issue except avoid using the affected fetch module when possible.", "product_ids": [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "ansible: path injection on dest parameter in fetch module" }, { "acknowledgments": [ { "names": [ "Damien Aumaitre", "Nicolas Surbayrole" ], "organization": "Quarkslab" } ], "cve": "CVE-2020-1737", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2020-02-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1802154" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Ansible Engine when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal.", "title": "Vulnerability description" }, { "category": "summary", "text": "ansible: Extract-Zip function in win_unzip module does not check extracted path", "title": "Vulnerability summary" }, { "category": "other", "text": "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1737" }, { "category": "external", "summary": "RHBZ#1802154", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802154" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1737", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1737" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1737", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1737" } ], "release_date": "2020-02-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-04-22T14:11:01+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:1544" }, { "category": "workaround", "details": "Currently, there is no mitigation for this issue except avoid using the affected win_unzip module when possible.", "product_ids": [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "ansible: Extract-Zip function in win_unzip module does not check extracted path" }, { "acknowledgments": [ { "names": [ "Damien Aumaitre", "Nicolas Surbayrole" ], "organization": "Quarkslab" } ], "cve": "CVE-2020-1739", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2020-01-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1802178" } ], "notes": [ { "category": "description", "text": "A flaw was found in Ansible Engine. When a password is set with the argument \"password\" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.", "title": "Vulnerability description" }, { "category": "summary", "text": "ansible: svn module leaks password when specified as a parameter", "title": "Vulnerability summary" }, { "category": "other", "text": "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1739" }, { "category": "external", "summary": "RHBZ#1802178", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802178" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1739", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1739" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1739", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1739" } ], "release_date": "2020-02-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-04-22T14:11:01+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:1544" }, { "category": "workaround", "details": "Instead of using the parameter \u0027password\u0027 of the subversion module, provide the password with stdin.", "product_ids": [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.9, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "ansible: svn module leaks password when specified as a parameter" }, { "acknowledgments": [ { "names": [ "Damien Aumaitre", "Nicolas Surbayrole" ], "organization": "Quarkslab" } ], "cve": "CVE-2020-1740", "cwe": { "id": "CWE-377", "name": "Insecure Temporary File" }, "discovery_date": "2020-01-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1802193" } ], "notes": [ { "category": "description", "text": "A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes \"ansible-vault edit\", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely.", "title": "Vulnerability description" }, { "category": "summary", "text": "ansible: secrets readable after ansible-vault edit", "title": "Vulnerability summary" }, { "category": "other", "text": "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1740" }, { "category": "external", "summary": "RHBZ#1802193", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802193" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1740", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1740" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1740", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1740" } ], "release_date": "2020-02-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-04-22T14:11:01+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:1544" }, { "category": "workaround", "details": "Currently, there is no mitigation for this issue except avoid using the \u0027edit\u0027 option from \u0027ansible-vault\u0027 command line tool.", "product_ids": [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.9, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "ansible: secrets readable after ansible-vault edit" }, { "acknowledgments": [ { "names": [ "Felix Fountein" ] } ], "cve": "CVE-2020-1746", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2019-12-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1805491" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Ansible Engine when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "ansible: Information disclosure issue in ldap_attr and ldap_entry modules", "title": "Vulnerability summary" }, { "category": "other", "text": "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\n* Red Hat Gluster Storage and Red Hat Ceph Storage no longer maintains their own version of Ansible. The fix will be provided from core Ansible. But we still ship ansible separately for ceph ubuntu.\n\n* In Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1746" }, { "category": "external", "summary": "RHBZ#1805491", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805491" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1746", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1746" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1746", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1746" } ], "release_date": "2020-02-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-04-22T14:11:01+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:1544" }, { "category": "workaround", "details": "Using args keyword and embedding the ldap_auth variable instead of using bind_pw parameter would mitigate this issue.", "product_ids": [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "ansible: Information disclosure issue in ldap_attr and ldap_entry modules" }, { "acknowledgments": [ { "names": [ "Damien Aumaitre", "Nicolas Surbayrole" ], "organization": "Quarkslab" } ], "cve": "CVE-2020-10684", "cwe": { "id": "CWE-862", "name": "Missing Authorization" }, "discovery_date": "2020-01-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815519" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Ansible Engine. When using ansible_facts as a subkey of itself, and promoting it to a variable when injecting is enabled, overwriting the ansible_facts after the clean, an attacker could take advantage of this by altering the ansible_facts leading to privilege escalation or code injection. The highest threat from this vulnerability are to data integrity and system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "Ansible: code injection when using ansible_facts as a subkey", "title": "Vulnerability summary" }, { "category": "other", "text": "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n* Red Hat Gluster Storage and Red Hat Ceph Storage no longer maintains their own version of Ansible. The fix will be consumed from core Ansible. But we still ship ansible separately for ceph ubuntu.\n* Red Hat OpenStack Platform does package the affected code. However, because RHOSP does not use ansible_facts as a subkey directly, the RHOSP impact has been reduced to Moderate and no update will be provided at this time for the RHOSP ansible package.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10684" }, { "category": "external", "summary": "RHBZ#1815519", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815519" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10684", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10684" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10684", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10684" } ], "release_date": "2020-03-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-04-22T14:11:01+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:1544" }, { "category": "workaround", "details": "Currently, there is not a known mitigation except avoiding the functionality of using ansible_facts as a subkey.", "product_ids": [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.9, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H", "version": "3.1" }, "products": [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "Ansible: code injection when using ansible_facts as a subkey" }, { "acknowledgments": [ { "names": [ "Damien Aumaitre", "Nicolas Surbayrole" ], "organization": "Quarkslab" } ], "cve": "CVE-2020-10685", "cwe": { "id": "CWE-459", "name": "Incomplete Cleanup" }, "discovery_date": "2020-01-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1814627" } ], "notes": [ { "category": "description", "text": "A flaw was found on Ansible Engine when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the secrets unencrypted.\r\n\r\nOn Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decrypted data remains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted is sensible.", "title": "Vulnerability description" }, { "category": "summary", "text": "Ansible: modules which use files encrypted with vault are not properly cleaned up", "title": "Vulnerability summary" }, { "category": "other", "text": "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\n* In Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10685" }, { "category": "external", "summary": "RHBZ#1814627", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1814627" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10685", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10685" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10685", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10685" } ], "release_date": "2020-03-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-04-22T14:11:01+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:1544" }, { "category": "workaround", "details": "Currently, there is no mitigation for this issue except by removing manually the temporary created file after every run.", "product_ids": [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.17-1.el7ae.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Ansible: modules which use files encrypted with vault are not properly cleaned up" } ] }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.