Errata ALT-PU-2020-1453-1: Information
Fixes
Published: Oct. 11, 2019
BDU:2020-02164
Уязвимость системы управления конфигурациями Ansible, связана с раскрытием информации через регистрационные файлы, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Links:
Published: March 10, 2020
BDU:2020-02200
Уязвимость системы управления конфигурациями Ansible, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Links:
Published: Jan. 2, 2020
BDU:2020-03324
Уязвимость модулей Splunk и Sumologic системы управления конфигурациями Ansible, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Links:
Published: March 9, 2020
BDU:2020-05681
Уязвимость модуля win_unzip системы управления конфигурациями Ansible, связанная с неверным ограничением имени пути к каталогу с ограниченным доступом, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5) Vector: AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Links:
Published: March 24, 2020
BDU:2020-05829
Уязвимость системы управления конфигурациями Ansible, связанная с ошибками синхронизации при использовании общего ресурса, позволяющая нарушителю повысить свои привилегии и выполнить произвольный код
Severity: LOW (3.6)
Links:
Published: Aug. 26, 2020
BDU:2021-03714
Уязвимость модуля solaris_zone системы управления конфигурациями Ansible, связанная с отсутствием мер по очистке входных данных, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
Severity: HIGH (7.3) Vector: AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L
Links:
Published: March 11, 2020
BDU:2022-00282
Уязвимость системы управления конфигурациями Ansible, связанная с небезопасными временными файлами, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
Severity: MEDIUM (5.0) Vector: AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L
Links:
Published: March 12, 2020
BDU:2022-00284
Уязвимость модуля svn системы управления конфигурациями Ansible, связанная с раскрытием информации, позволяющая нарушителю получить доступ к конфиденциальным данным и нарушить их целостность
Links:
Published: March 31, 2020
BDU:2022-03971
Уязвимость модуля nxos_file_copy системы управления конфигурациями Ansible, позволяющая нарушителю выполнить произвольные команды
Severity: MEDIUM (5.6) Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L
Links:
Published: Oct. 8, 2019
Modified: April 22, 2022
Modified: April 22, 2022
CVE-2019-14846
In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14846
- https://github.com/ansible/ansible/pull/63366
- RHSA-2019:3207
- RHSA-2019:3201
- RHSA-2019:3202
- RHSA-2019:3203
- RHSA-2020:0756
- openSUSE-SU-2020:0513
- openSUSE-SU-2020:0523
- [debian-lts-announce] 20200505 [SECURITY] [DLA 2202-1] ansible security update
- [debian-lts-announce] 20210127 [SECURITY] [DLA 2535-1] ansible security update
- DSA-4950
Published: Nov. 26, 2019
Modified: Aug. 4, 2021
Modified: Aug. 4, 2021
CVE-2019-14856
ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Links:
Published: Jan. 2, 2020
Modified: April 22, 2022
Modified: April 22, 2022
CVE-2019-14864
Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Links:
Published: Aug. 26, 2020
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2019-14904
A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.
Severity: HIGH (7.3) Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L
Links:
Published: March 31, 2020
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2019-14905
A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues.
Severity: MEDIUM (5.6) Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L
Links:
Published: March 24, 2020
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2020-10684
A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker could take advantage of this by altering the ansible_facts, such as ansible_hosts, users and any other key data which would lead into privilege escalation or code injection.
Severity: HIGH (7.1) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Links:
Published: March 11, 2020
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2020-1733
A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with "umask 77 && mkdir -p <dir>"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating '/proc/<pid>/cmdline'.
Severity: MEDIUM (5.0) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L
Links:
Published: March 9, 2020
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2020-1737
A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal. This issue is fixed in 2.10.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: March 16, 2020
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2020-1738
A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.
Links:
Published: March 12, 2020
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2020-1739
A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.
Links: