redhat/ansible: The latest CVE Vulnerabilities and Exploits for Penetration Test
redhat/ansible Vulnerability Summary
- Vendor name: redhat
- Product name: ansible
- Total vulnerabilities: 105 (as of 2023-05-04)
redhat/ansible Vulnerability List
CVE-2021-3583: A flaw was found in Ansible, where a user’s controller is vulnerable to template injection. This…
Published: 2021-09-22T12:15:00 Last Modified: 2021-10-05T16:12:00
Summary
A flaw was found in Ansible, where a user’s controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity.
Common Weakness Enumeration (CWE): CWE-77: Improper Neutralization of Special Elements used in a Command (‘Command Injection’)
CWE Description: The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
Scores
- Impact Score: 4.9
- Exploitability Score: 3.9
- CVSS: 3.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-3583 vulnerability.
See also: All popular products CVE Vulnerabilities of redhat
CVE-2021-3532: A flaw was found in Ansible where the secret information present in async_files are getting…
Published: 2021-06-09T12:15:00 Last Modified: 2021-06-21T16:54:00
Summary
A flaw was found in Ansible where secret information present in async_files is disclosed when the user changes the jobdir to a world-readable directory. Any secret information in an async status file will be readable by a malicious user on that system. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3532 vulnerability.
CVE-2021-3533: A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a…
Published: 2021-06-09T12:15:00 Last Modified: 2021-06-17T17:21:00
Summary
A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory. When this occurs, there is a race condition on the managed machine. A malicious, non-privileged account on the remote machine can exploit the race condition to access the async result data. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2.
Common Weakness Enumeration (CWE): CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
CWE Description: The software checks the state of a resource before using that resource, but the resource’s state can change between the check and the use in a way that invalidates the results of the check. This can cause the software to perform invalid actions when the resource is in an unexpected state.
Scores
- Impact Score: 2.9
- Exploitability Score: 1.9
- CVSS: 1.2
- CVSS Vector: AV:L/AC:H/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: HIGH
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-3533 vulnerability.
CVE-2020-14327: A Server-side request forgery (SSRF) flaw was found in Ansible Tower in versions before 3.6.5 and…
Published: 2021-05-27T20:15:00 Last Modified: 2021-06-07T18:41:00
Summary
A Server-side request forgery (SSRF) flaw was found in Ansible Tower in versions before 3.6.5 and before 3.7.2. Functionality on the Tower server is abused by supplying a URL that could lead to the server processing it. This flaw leads to the connection to internal services or the exposure of additional internal services by abusing the test feature of lookup credentials to forge HTTP/HTTPS requests from the server and retrieving the results of the response.
Common Weakness Enumeration (CWE): CWE-918: Server-Side Request Forgery (SSRF)
CWE Description: This entry has been deprecated. It originally came from PLOVER, which sometimes defined “other” and “miscellaneous” categories in order to satisfy exhaustiveness requirements for taxonomies. Within the context of CWE, the use of a more abstract entry is preferred in mapping situations. CWE-75 is a more appropriate mapping.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-14327 vulnerability.
CVE-2020-14328: A flaw was found in Ansible Tower in versions before 3.7.2. A Server Side Request Forgery flaw…
Published: 2021-05-27T20:15:00 Last Modified: 2021-06-07T18:37:00
Summary
A flaw was found in Ansible Tower in versions before 3.7.2. A Server Side Request Forgery flaw can be abused by supplying a URL which could lead to the server processing it connecting to internal services or exposing additional internal services and more particularly retrieving full details in case of error. The highest threat from this vulnerability is to data confidentiality.
Common Weakness Enumeration (CWE): CWE-918: Server-Side Request Forgery (SSRF)
CWE Description: This entry has been deprecated. It originally came from PLOVER, which sometimes defined “other” and “miscellaneous” categories in order to satisfy exhaustiveness requirements for taxonomies. Within the context of CWE, the use of a more abstract entry is preferred in mapping situations. CWE-75 is a more appropriate mapping.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-14328 vulnerability.
CVE-2020-14329: A data exposure flaw was found in Ansible Tower in versions before 3.7.2, where sensitive data…
Published: 2021-05-27T20:15:00 Last Modified: 2021-06-07T18:37:00
Summary
A data exposure flaw was found in Ansible Tower in versions before 3.7.2, where sensitive data can be exposed from the /api/v2/labels/ endpoint. This flaw allows users from other organizations in the system to retrieve any label from the organization and also disclose organization names. The highest threat from this vulnerability is to confidentiality.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-14329 vulnerability.
CVE-2020-10729: A flaw was found in the use of insufficiently random values in Ansible. Two random password…
Published: 2021-05-27T19:15:00 Last Modified: 2021-12-10T19:57:00
Summary
A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the same value because of the template caching action for the same file, since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords are exposed at once for the file. This flaw affects Ansible Engine versions before 2.9.6.
Common Weakness Enumeration (CWE): CWE-330: Use of Insufficiently Random Values
CWE Description: The software uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-10729 vulnerability.
References
- https://github.com/ansible/ansible/issues/34144
- https://bugzilla.redhat.com/show_bug.cgi?id=1831089
- https://www.debian.org/security/2021/dsa-4950
CVE-2020-10697: A flaw was found in Ansible Tower when running Openshift. Tower runs a memcached, which is…
Published: 2021-05-27T19:15:00 Last Modified: 2021-06-08T01:47:00
Summary
A flaw was found in Ansible Tower when running Openshift. Tower runs a memcached, which is accessed via TCP. An attacker can take advantage of writing a playbook polluting this cache, causing a denial of service attack. This attack would not completely stop the service, but in the worst-case scenario, it can reduce the Tower performance, for which memcached is designed. Theoretically, more sophisticated attacks can be performed by manipulating and crafting the cache, as Tower relies on memcached as a place to pull out setting values. Confidential and sensitive data stored in memcached should not be pulled, as this information is encrypted. This flaw affects Ansible Tower versions before 3.6.4, Ansible Tower versions before 3.5.6 and Ansible Tower versions before 3.4.6.
Common Weakness Enumeration (CWE): CWE-862: Missing Authorization
CWE Description: The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
Scores
- Impact Score: 4.9
- Exploitability Score: 3.9
- CVSS: 3.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-10697 vulnerability.
CVE-2020-10698: A flaw was found in Ansible Tower when running jobs. This flaw allows an attacker to access the…
Published: 2021-05-27T19:15:00 Last Modified: 2021-06-07T20:07:00
Summary
A flaw was found in Ansible Tower when running jobs. This flaw allows an attacker to access the stdout of the executed jobs which are run from other organizations. Some sensitive data can be disclosed. However, critical data should not be disclosed, as it should be protected by the no_log flag when debugging is enabled. This flaw affects Ansible Tower versions before 3.6.4, Ansible Tower versions before 3.5.6 and Ansible Tower versions before 3.4.6.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-10698 vulnerability.
CVE-2020-10709: A security flaw was found in Ansible Tower when requesting an OAuth2 token with an OAuth2…
Published: 2021-05-27T19:15:00 Last Modified: 2021-06-08T01:45:00
Summary
A security flaw was found in Ansible Tower when requesting an OAuth2 token with an OAuth2 application. Ansible Tower uses the token to provide authentication. This flaw allows an attacker to obtain a refresh token that does not expire. The original token granted to the user still has access to Ansible Tower, which allows any user that can gain access to the token to be fully authenticated to Ansible Tower. This flaw affects Ansible Tower versions before 3.6.4 and Ansible Tower versions before 3.5.6.
Common Weakness Enumeration (CWE): CWE-672: Operation on a Resource after Expiration or Release
CWE Description: The software uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked.
Scores
- Impact Score: 4.9
- Exploitability Score: 3.9
- CVSS: 3.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-10709 vulnerability.
CVE-2021-20191: A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by…
Published: 2021-05-26T21:15:00 Last Modified: 2021-06-03T13:59:00
Summary
A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.
Common Weakness Enumeration (CWE): CWE-532: Insertion of Sensitive Information into Log File
CWE Description: This entry has been deprecated because its abstraction was too low-level. See CWE-532.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-20191 vulnerability.
CVE-2021-20178: A flaw was found in ansible module where credentials are disclosed in the console log by default…
Published: 2021-05-26T12:15:00 Last Modified: 2021-06-03T15:57:00
Summary
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.
Common Weakness Enumeration (CWE): CWE-532: Insertion of Sensitive Information into Log File
CWE Description: This entry has been deprecated because its abstraction was too low-level. See CWE-532.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-20178 vulnerability.
References
- https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37/
- https://bugzilla.redhat.com/show_bug.cgi?id=1914774
- https://github.com/ansible-collections/community.general/pull/1635
CVE-2021-20228: A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and…
Published: 2021-04-29T16:15:00 Last Modified: 2021-12-10T19:56:00
Summary
A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.
Common Weakness Enumeration (CWE): CWE-522: Insufficiently Protected Credentials
CWE Description: The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-20228 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1925002
- https://github.com/ansible/ansible/pull/73487
- https://www.debian.org/security/2021/dsa-4950
CVE-2021-3447: A flaw was found in several ansible modules, where parameters containing credentials, such as…
Published: 2021-04-01T18:15:00 Last Modified: 2021-06-03T13:47:00
Summary
A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the no_log feature. An attacker can take advantage of this information to steal those credentials, provided they have access to the log files containing them. The highest threat from this vulnerability is to data confidentiality. This flaw affects Red Hat Ansible Automation Platform in versions before 1.2.2 and Ansible Tower in versions before 3.8.2.
Common Weakness Enumeration (CWE): CWE-532: Insertion of Sensitive Information into Log File
CWE Description: This entry has been deprecated because its abstraction was too low-level. See CWE-532.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-3447 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1939349
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RUTGO4RS4ZXZSPBU2CHVPT75IAFVTTL3/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MS4VPUYVLGSAKOX26IT52BSMEZRZ3KS/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBZ75MAMVQVZROPYHMRDQKPPVASP63DG/
CVE-2021-20253: A flaw was found in ansible-tower. The default installation is vulnerable to Job Isolation escape…
Published: 2021-03-09T18:15:00 Last Modified: 2021-06-02T16:35:00
Summary
A flaw was found in ansible-tower. The default installation is vulnerable to Job Isolation escape allowing an attacker to elevate the privilege from a low privileged user to the awx user from outside the isolated environment. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Common Weakness Enumeration (CWE): CWE-552: Files or Directories Accessible to External Parties
CWE Description: The product makes files or directories accessible to unauthorized actors, even though they should not be.
Scores
- Impact Score: 6.4
- Exploitability Score: 1.5
- CVSS: 3.5
- CVSS Vector: AV:L/AC:H/Au:S/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: HIGH
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-20253 vulnerability.
CVE-2020-25635: A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is…
Published: 2020-10-05T14:15:00 Last Modified: 2020-10-08T18:40:00
Summary
A flaw was found in Ansible Base when using the aws_ssm connection plugin, as garbage collection does not happen after the playbook run is completed. Files would remain in the bucket, exposing the data. This issue directly affects data confidentiality.
Common Weakness Enumeration (CWE): CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer
CWE Description: The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-25635 vulnerability.
References
- https://github.com/ansible-collections/community.aws/issues/222
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25635
CVE-2020-25636: A flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no…
Published: 2020-10-05T13:15:00 Last Modified: 2020-10-09T23:24:00
Summary
A flaw was found in Ansible Base when using the aws_ssm connection plugin, as there is no namespace separation for file transfers. Files are written directly to the root bucket, making it possible to have collisions when running multiple ansible processes. This issue mainly affects service availability.
Common Weakness Enumeration (CWE): CWE-552: Files or Directories Accessible to External Parties
CWE Description: The product makes files or directories accessible to unauthorized actors, even though they should not be.
Scores
- Impact Score: 4.9
- Exploitability Score: 3.9
- CVSS: 3.6
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-25636 vulnerability.
References
- https://github.com/ansible-collections/community.aws/issues/221
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25636
CVE-2020-14365: A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine…
Published: 2020-09-23T13:15:00 Last Modified: 2021-08-07T15:15:00
Summary
A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code executed via package installation scripts. The highest threat from this vulnerability is to integrity and system availability.
Common Weakness Enumeration (CWE): CWE-347: Improper Verification of Cryptographic Signature
CWE Description: The software does not verify, or incorrectly verifies, the cryptographic signature for data.
Scores
- Impact Score: 9.2
- Exploitability Score: 3.9
- CVSS: 6.6
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-14365 vulnerability.
CVE-2020-14330: An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module,…
Published: 2020-09-11T18:15:00 Last Modified: 2021-11-02T17:12:00
Summary
An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.
Common Weakness Enumeration (CWE): CWE-116: Improper Encoding or Escaping of Output
CWE Description: The software prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-14330 vulnerability.
References
- https://github.com/ansible/ansible/issues/68400
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14330
- https://www.debian.org/security/2021/dsa-4950
CVE-2020-14332: A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode…
Published: 2020-09-11T18:15:00 Last Modified: 2021-08-07T15:15:00
Summary
A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality.
Common Weakness Enumeration (CWE): CWE-117: Improper Output Neutralization for Logs
CWE Description: The software does not neutralize or incorrectly neutralizes output that is written to logs.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-14332 vulnerability.
References
- https://github.com/ansible/ansible/pull/71033
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14332
- https://www.debian.org/security/2021/dsa-4950
CVE-2019-14904: A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the…
Published: 2020-08-26T03:15:00 Last Modified: 2021-08-07T15:15:00
Summary
A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the ‘ps’ bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.
Common Weakness Enumeration (CWE): CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
CWE Description: The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Scores
- Impact Score: 8.5
- Exploitability Score: 3.9
- CVSS: 6.1
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: COMPLETE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-14904 vulnerability.
References
- https://github.com/ansible/ansible/pull/65686
- https://bugzilla.redhat.com/show_bug.cgi?id=1776944
- https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html
- https://www.debian.org/security/2021/dsa-4950
CVE-2020-14337: A data exposure flaw was found in Tower, where sensitive data was revealed from the HTTP return…
Published: 2020-07-31T13:15:00 Last Modified: 2020-08-11T17:03:00
Summary
A data exposure flaw was found in Tower, where sensitive data was revealed from the HTTP return error codes. This flaw allows an unauthenticated, remote attacker to retrieve pages from the default organization and verify existing usernames. The highest threat from this vulnerability is to data confidentiality.
Common Weakness Enumeration (CWE): CWE-209: Generation of Error Message Containing Sensitive Information
CWE Description: The software generates an error message that includes sensitive information about its environment, users, or associated data.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-14337 vulnerability.
CVE-2020-10782: An exposure of sensitive information flaw was found in Ansible version 3.7.0. Sensitive…
Published: 2020-06-18T13:15:00 Last Modified: 2021-10-26T20:06:00
Summary
An exposure of sensitive information flaw was found in Ansible version 3.7.0. Sensitive information, such as tokens and other secrets, could be readable and exposed from the rsyslog configuration file, which has set the wrong world-readable permissions. The highest threat from this vulnerability is to confidentiality. This is fixed in Ansible version 3.7.1.
Common Weakness Enumeration (CWE): CWE-732: Incorrect Permission Assignment for Critical Resource
CWE Description: The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-10782 vulnerability.
CVE-2020-10744: An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary…
Published: 2020-05-15T14:15:00 Last Modified: 2020-05-29T14:10:00
Summary
An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9.9 as well as previous versions are affected and Ansible Tower 3.4.5, 3.5.6 and 3.6.4 as well as previous versions are affected.
Common Weakness Enumeration (CWE): CWE-668: Exposure of Resource to Wrong Sphere
CWE Description: The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
Scores
- Impact Score: 6.4
- Exploitability Score: 1.9
- CVSS: 3.7
- CVSS Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: HIGH
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-10744 vulnerability.
CVE-2020-1746: A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and…
Published: 2020-05-12T18:15:00 Last Modified: 2021-10-19T14:14:00
Summary
A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party
Scores
- Impact Score: 2.9
- Exploitability Score: 3.4
- CVSS: 1.9
- CVSS Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-1746 vulnerability.
References
- https://github.com/ansible/ansible/pull/67866
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1746
- https://www.debian.org/security/2021/dsa-4950
CVE-2020-10685: A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and…
Published: 2020-05-11T14:15:00 Last Modified: 2021-12-21T12:40:00
Summary
A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypt vault files, such as the assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory created in /tmp leaves the secrets unencrypted. On operating systems where /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decrypted data remains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted ble.
Common Weakness Enumeration (CWE): CWE-459: Incomplete Cleanup
CWE Description: The software does not properly “clean up” and remove temporary or supporting resources after they have been used.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.4
- CVSS: 1.9
- CVSS Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-10685 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10685
- https://github.com/ansible/ansible/pull/68433
- https://security.gentoo.org/glsa/202006-11
- https://www.debian.org/security/2021/dsa-4950
CVE-2020-10691: An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when…
Published: 2020-04-30T17:15:00 Last Modified: 2020-05-21T14:49:00
Summary
An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file within the system.
Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
CWE Description: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Scores
- Impact Score: 4.9
- Exploitability Score: 3.9
- CVSS: 3.6
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-10691 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10691
- https://github.com/ansible/ansible/pull/68596
CVE-2019-14905: A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8,…
Published: 2020-03-31T17:15:00 Last Modified: 2021-11-02T18:09:00
Summary
A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, in Ansible’s nxos_file_copy module, which can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues.
Common Weakness Enumeration (CWE): CWE-668: Exposure of Resource to Wrong Sphere
CWE Description: The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
Scores
- Impact Score: 6.4
- Exploitability Score: 3.9
- CVSS: 4.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-14905 vulnerability.
References
- https://access.redhat.com/errata/RHSA-2020:0218
- https://access.redhat.com/errata/RHSA-2020:0216
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5BNCYPQ4BY5QHBCJOAOPANB5FHATW2BR/
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14905
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html
CVE-2020-10684: A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9…
Published: 2020-03-24T14:15:00 Last Modified: 2021-12-20T22:54:00
Summary
A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker could take advantage of this by altering the ansible_facts, such as ansible_hosts, users and any other key data which would lead into privilege escalation or code injection.
Common Weakness Enumeration (CWE): CWE-862: Missing Authorization
CWE Description: The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
Scores
- Impact Score: 4.9
- Exploitability Score: 3.9
- CVSS: 3.6
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-10684 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10684
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/
- https://security.gentoo.org/glsa/202006-11
- https://www.debian.org/security/2021/dsa-4950
CVE-2020-1738: A flaw was found in Ansible Engine when the module package or service is used and the parameter…
Published: 2020-03-16T16:15:00 Last Modified: 2021-08-04T17:14:00
Summary
A flaw was found in Ansible Engine when the module package or service is used and the parameter ‘use’ is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.
Common Weakness Enumeration (CWE): CWE-88: Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’)
CWE Description: The software constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.
Scores
- Impact Score: 4.9
- Exploitability Score: 1.9
- CVSS: 2.6
- CVSS Vector: AV:L/AC:H/Au:N/C:N/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: HIGH
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-1738 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1738
- https://github.com/ansible/ansible/issues/67796
- https://security.gentoo.org/glsa/202006-11
CVE-2020-1740: A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a…
Published: 2020-03-16T16:15:00 Last Modified: 2021-08-07T15:15:00
Summary
A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes “ansible-vault edit”, another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.
Common Weakness Enumeration (CWE): CWE-377: Insecure Temporary File
CWE Description: Creating and using insecure temporary files can leave application and system data vulnerable to attack.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.4
- CVSS: 1.9
- CVSS Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-1740 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1740
- https://github.com/ansible/ansible/issues/67798
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/
- https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html
- https://security.gentoo.org/glsa/202006-11
- https://www.debian.org/security/2021/dsa-4950
CVE-2020-1735: A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept…
Published: 2020-03-16T16:15:00 Last Modified: 2021-08-07T15:15:00
Summary
A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.
Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
CWE Description: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Scores
- Impact Score: 4.9
- Exploitability Score: 3.9
- CVSS: 3.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-1735 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1735
- https://github.com/ansible/ansible/issues/67793
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/
- https://security.gentoo.org/glsa/202006-11
- https://www.debian.org/security/2021/dsa-4950
CVE-2020-1736: A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file…
Published: 2020-03-16T16:15:00 Last Modified: 2021-08-04T17:14:00
Summary
A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This could lead to the disclosure of sensitive data. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.
Common Weakness Enumeration (CWE): CWE-732: Incorrect Permission Assignment for Critical Resource
CWE Description: The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-1736 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1736
- https://github.com/ansible/ansible/issues/67794
- https://security.gentoo.org/glsa/202006-11
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7/
CVE-2020-1753: A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all…
Published: 2020-03-16T15:15:00 Last Modified: 2021-08-07T15:15:00
Summary
A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. Sensitive parameters such as passwords and tokens are passed to kubectl on the command line, not through an environment variable or an input configuration file. This discloses passwords and tokens in the process list, and the no_log directive from the debug module has no effect, so these secrets are disclosed on stdout and in log files.
Common Weakness Enumeration (CWE): CWE-214: Invocation of Process Using Visible Sensitive Information
CWE Description: A process is invoked with sensitive command-line arguments, environment variables, or other elements that can be seen by other processes on the operating system.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-1753 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1753
- https://github.com/ansible-collections/kubernetes/pull/51
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/
- https://security.gentoo.org/glsa/202006-11
- https://www.debian.org/security/2021/dsa-4950
CVE-2020-1739: A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a…
Published: 2020-03-12T18:15:00 Last Modified: 2021-08-07T15:15:00
Summary
A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior. When a password is set with the “password” argument of the svn module, it is used on the svn command line, disclosing it to other users on the same node. An attacker could take advantage by reading the cmdline file for that particular PID in procfs.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party
Scores
- Impact Score: 4.9
- Exploitability Score: 3.4
- CVSS: 3.3
- CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-1739 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1739
- https://github.com/ansible/ansible/issues/67797
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/
- https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html
- https://www.debian.org/security/2021/dsa-4950
CVE-2020-1733: A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and…
Published: 2020-03-11T19:15:00 Last Modified: 2021-08-07T15:15:00
Summary
A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with “umask 77 && mkdir -p
Common Weakness Enumeration (CWE): CWE-377: Insecure Temporary File
CWE Description: Creating and using insecure temporary files can leave application and system data vulnerable to attack.
Scores
- Impact Score: 6.4
- Exploitability Score: 1.9
- CVSS: 3.7
- CVSS Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: HIGH
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-1733 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1733
- https://github.com/ansible/ansible/issues/67791
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/
- https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html
- https://security.gentoo.org/glsa/202006-11
- https://www.debian.org/security/2021/dsa-4950
CVE-2020-1737: A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the…
Published: 2020-03-09T16:15:00 Last Modified: 2020-06-13T04:15:00
Summary
A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal. This issue is fixed in 2.10.
Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
CWE Description: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Scores
- Impact Score: 6.4
- Exploitability Score: 3.9
- CVSS: 4.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-1737 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1737
- https://github.com/ansible/ansible/issues/67795
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/
- https://security.gentoo.org/glsa/202006-11
CVE-2020-1734: A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the…
Published: 2020-03-03T22:15:00 Last Modified: 2020-05-29T14:11:00
Summary
A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.
Common Weakness Enumeration (CWE): CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
CWE Description: The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Scores
- Impact Score: 6.4
- Exploitability Score: 1.9
- CVSS: 3.7
- CVSS Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: HIGH
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-1734 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1734
- https://github.com/ansible/ansible/issues/67792
CVE-2014-4659: Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to…
Published: 2020-02-20T15:15:00 Last Modified: 2020-02-25T21:00:00
Summary
Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the “deb http://user:pass@server:port/” format.
Common Weakness Enumeration (CWE): CWE-522: Insufficiently Protected Credentials
CWE Description: The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2014-4659 vulnerability.
References
- https://www.securityfocus.com/bid/68234
- https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md
CVE-2014-4658: The vault subsystem in Ansible before 1.5.5 does not set the umask before creation or…
Published: 2020-02-20T15:15:00 Last Modified: 2020-02-25T20:19:00
Summary
The vault subsystem in Ansible before 1.5.5 does not set the umask before creation or modification of a vault file, which allows local users to obtain sensitive key information by reading a file.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2014-4658 vulnerability.
References
- https://www.securityfocus.com/bid/68233
- https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md
CVE-2014-4657: The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which…
Published: 2020-02-20T15:15:00 Last Modified: 2020-02-25T21:14:00
Summary
The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2014-4657 vulnerability.
References
- https://www.securityfocus.com/bid/68232
- https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md
CVE-2014-4660: Ansible before 1.5.5 constructs filenames containing user and password fields on the basis of deb…
Published: 2020-02-20T03:15:00 Last Modified: 2020-02-25T20:13:00
Summary
Ansible before 1.5.5 constructs filenames containing user and password fields on the basis of deb lines in sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by leveraging existence of a file that uses the “deb http://user:pass@server:port/” format.
Common Weakness Enumeration (CWE): CWE-522: Insufficiently Protected Credentials
CWE Description: The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2014-4660 vulnerability.
References
- https://security-tracker.debian.org/tracker/CVE-2014-4660
- https://github.com/ansible/ansible/commit/c4b5e46054c74176b2446c82d4df1a2610eddc08
- https://www.securityfocus.com/bid/68231
- https://www.openwall.com/lists/oss-security/2014/06/26/19
- https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md
CVE-2014-4678: The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which…
Published: 2020-02-20T03:15:00 Last Modified: 2020-02-25T16:12:00
Summary
The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657.
Common Weakness Enumeration (CWE): CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’)
CWE Description: The software constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2014-4678 vulnerability.
References
- https://www.rapid7.com/db/vulnerabilities/freebsd-vid-2c493ac8-205e-11e5-a4a5-002590263bf5
- https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2014-4678
- https://www.openwall.com/lists/oss-security/2014/07/02/2
- https://security-tracker.debian.org/tracker/CVE-2014-4678
- https://www.openwall.com/lists/oss-security/2014/06/26/30
- https://github.com/ansible/ansible/commit/5429b85b9f6c2e640074176f36ff05fd5e4d1916
- https://groups.google.com/forum/message/raw?msg=ansible-announce/ieV1vZvcTXU/5Q93ThkY9rIJ
CVE-2014-4967: Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to…
Published: 2020-02-18T15:15:00 Last Modified: 2020-02-26T15:35:00
Summary
Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a trailing " temp=" clause, or (3) a trailing " validate=" clause accompanied by a shell command.
Common Weakness Enumeration (CWE): CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’)
CWE Description: The software constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2014-4967 vulnerability.
References
- https://github.com/ansible/ansible/commit/62a1295a3e08cb6c3e9f1b2a1e6e5dcaeab32527
- http://www.ocert.org/advisories/ocert-2014-004.html
CVE-2014-4966: Ansible before 1.6.7 does not prevent inventory data with “{{” and “lookup” substrings, and does…
Published: 2020-02-18T15:15:00 Last Modified: 2020-02-26T14:40:00
Summary
Ansible before 1.6.7 does not prevent inventory data with “{{” and “lookup” substrings, and does not prevent remote data with “{{” substrings, which allows remote attackers to execute arbitrary code via (1) crafted lookup('pipe') calls or (2) crafted Jinja2 data.
Common Weakness Enumeration (CWE): CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’)
CWE Description: The software constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2014-4966 vulnerability.
References
- https://github.com/ansible/ansible/commit/62a1295a3e08cb6c3e9f1b2a1e6e5dcaeab32527
- http://www.ocert.org/advisories/ocert-2014-004.html
CVE-2014-2686: Ansible prior to 1.5.4 mishandles the evaluation of some strings.
Published: 2020-01-09T13:15:00 Last Modified: 2020-01-21T16:01:00
Summary
Ansible prior to 1.5.4 mishandles the evaluation of some strings.
Common Weakness Enumeration (CWE): CWE-670: Always-Incorrect Control Flow Implementation
CWE Description: The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2014-2686 vulnerability.
CVE-2019-14864: Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before…
Published: 2020-01-02T15:15:00 Last Modified: 2021-08-07T15:15:00
Summary
Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, does not respect the no_log flag set to True when the Sumologic and Splunk callback plugins are used to send task result events to collectors. This would disclose and collect any sensitive data.
Common Weakness Enumeration (CWE): CWE-117: Improper Output Neutralization for Logs
CWE Description: The software does not neutralize or incorrectly neutralizes output that is written to logs.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.0
- CVSS: 4.0
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-14864 vulnerability.
References
- https://github.com/ansible/ansible/pull/63527
- https://github.com/ansible/ansible/issues/63522
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14864
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html
- https://www.debian.org/security/2021/dsa-4950
CVE-2019-19340: A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where…
Published: 2019-12-19T21:15:00 Last Modified: 2020-12-04T18:15:00
Summary
A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with ‘-e rabbitmq_enable_manager=true’ exposes the RabbitMQ management interface publicly, as expected. If the default admin user is still active, an attacker could guess the password and gain access to the system.
Common Weakness Enumeration (CWE): CWE-1188: Insecure Default Initialization of Resource
CWE Description: The software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.
Scores
- Impact Score: 4.9
- Exploitability Score: 10.0
- CVSS: 6.4
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-19340 vulnerability.
CVE-2019-19342: A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.4, when…
Published: 2019-12-19T21:15:00 Last Modified: 2020-05-21T15:43:00
Summary
A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.4, when /websocket is requested and the password contains the ‘#’ character. This request would cause a socket error in RabbitMQ when parsing the password, and an HTTP error code 500 and partial password disclosure in plaintext will occur. An attacker could easily guess some predictable passwords or brute force the password.
Common Weakness Enumeration (CWE): CWE-209: Generation of Error Message Containing Sensitive Information
CWE Description: The software generates an error message that includes sensitive information about its environment, users, or associated data.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-19342 vulnerability.
CVE-2019-19341: A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2, where files in…
Published: 2019-12-19T21:15:00 Last Modified: 2020-12-04T18:15:00
Summary
A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2, where files in ‘/var/backup/tower’ are left world-readable. These files include both the SECRET_KEY and the database backup. Any user with access to the Tower server, and knowledge of when a backup is run, could retrieve every credential stored in Tower. Access to data is the highest threat with this vulnerability.
Common Weakness Enumeration (CWE): CWE-732: Incorrect Permission Assignment for Critical Resource
CWE Description: The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-19341 vulnerability.
CVE-2019-14856: ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None
Published: 2019-11-26T14:15:00 Last Modified: 2021-08-04T17:14:00
Summary
ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None
Common Weakness Enumeration (CWE): CWE-287: Improper Authentication
CWE Description: When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.0
- CVSS: 4.0
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-14856 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14856
- https://access.redhat.com/errata/RHSA-2020:0756
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html
CVE-2019-14890: A vulnerability was found in Ansible Tower before 3.6.1 where an attacker with low privilege…
Published: 2019-11-26T07:15:00 Last Modified: 2019-12-17T18:07:00
Summary
A vulnerability was found in Ansible Tower before 3.6.1 where an attacker with low privilege could retrieve username and password credentials from the new RHSM, saved in plain text in the database, at ‘/api/v2/config’ when applying the Ansible Tower license.
Common Weakness Enumeration (CWE): CWE-312: Cleartext Storage of Sensitive Information
CWE Description: The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-14890 vulnerability.
CVE-2019-10217: A flaw was found in ansible 2.8.0 before 2.8.4. Fields managing sensitive data should be set as…
Published: 2019-11-25T16:15:00 Last Modified: 2020-04-13T00:15:00
Summary
A flaw was found in ansible 2.8.0 before 2.8.4. Fields managing sensitive data should be marked as such with the no_log feature. Some of these fields in GCP modules are not set properly. service_account_contents(), which is a common class for all GCP modules, does not set no_log to True. Any sensitive data managed by that function would be leaked as output when running ansible playbooks.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party
Scores
- Impact Score: 2.9
- Exploitability Score: 8.0
- CVSS: 4.0
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-10217 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10217
- https://github.com/ansible/ansible/issues/56269
- https://github.com/ansible/ansible/pull/59427
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html
CVE-2019-10206: ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before…
Published: 2019-11-22T13:15:00 Last Modified: 2021-10-28T12:14:00
Summary
ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates from triggering and exposing them.
Common Weakness Enumeration (CWE): CWE-522: Insufficiently Protected Credentials
CWE Description: The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.0
- CVSS: 4.0
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-10206 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10206
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html
- https://www.debian.org/security/2021/dsa-4950
CVE-2019-14858: A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a…
Published: 2019-10-14T15:15:00 Last Modified: 2019-10-24T23:15:00
Summary
A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name to the module will cause the task to fail before the no_log options in the sub parameters are processed. As a result, data in the sub parameter fields will not be masked and will be displayed if Ansible is run with increased verbosity and present in the module invocation arguments for the task.
Common Weakness Enumeration (CWE): CWE-532: Insertion of Sensitive Information into Log File
CWE Description: This entry has been deprecated because its abstraction was too low-level. See CWE-532.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-14858 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14858
- https://access.redhat.com/errata/RHSA-2019:3207
- https://access.redhat.com/errata/RHSA-2019:3201
- https://access.redhat.com/errata/RHSA-2019:3202
- https://access.redhat.com/errata/RHSA-2019:3203
- https://access.redhat.com/errata/RHSA-2020:0756
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html
CVE-2019-14846: In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13,…
Published: 2019-10-08T19:15:00 Last Modified: 2021-08-07T15:15:00
Summary
In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level, which led to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.
Common Weakness Enumeration (CWE): CWE-117: Improper Output Neutralization for Logs
CWE Description: The software does not neutralize or incorrectly neutralizes output that is written to logs.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-14846 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14846
- https://github.com/ansible/ansible/pull/63366
- https://access.redhat.com/errata/RHSA-2019:3207
- https://access.redhat.com/errata/RHSA-2019:3201
- https://access.redhat.com/errata/RHSA-2019:3202
- https://access.redhat.com/errata/RHSA-2019:3203
- https://access.redhat.com/errata/RHSA-2020:0756
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html
- https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html
- https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html
- https://www.debian.org/security/2021/dsa-4950
CVE-2019-10156: A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18,…
Published: 2019-07-30T23:15:00 Last Modified: 2021-08-07T15:15:00
Summary
A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party
Scores
- Impact Score: 4.9
- Exploitability Score: 8.0
- CVSS: 5.5
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-10156 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10156
- https://github.com/ansible/ansible/pull/57188
- https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html
- https://access.redhat.com/errata/RHSA-2019:3744
- https://access.redhat.com/errata/RHSA-2019:3789
- https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html
- https://www.debian.org/security/2021/dsa-4950
CVE-2019-3869: When running Tower before 3.4.3 on OpenShift or Kubernetes, application credentials are exposed…
Published: 2019-03-28T14:29:00 Last Modified: 2020-05-21T15:41:00
Summary
When running Tower before 3.4.3 on OpenShift or Kubernetes, application credentials are exposed to playbook job runs via environment variables. A malicious user with the ability to write playbooks could use this to gain administrative privileges.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party
Scores
- Impact Score: 2.9
- Exploitability Score: 8.0
- CVSS: 4.0
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-3869 vulnerability.
CVE-2019-3828: Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability…
Published: 2019-03-27T13:29:00 Last Modified: 2020-05-21T14:55:00
Summary
Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.
Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
CWE Description: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Scores
- Impact Score: 4.9
- Exploitability Score: 3.4
- CVSS: 3.3
- CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-3828 vulnerability.
References
- https://github.com/ansible/ansible/pull/52133
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3828
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html
- https://usn.ubuntu.com/4072-1/
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html
- https://access.redhat.com/errata/RHSA-2019:3744
- https://access.redhat.com/errata/RHSA-2019:3789
CVE-2019-3838: It was found that the forceput operator could be extracted from the DefineResource method in…
Published: 2019-03-25T19:29:00 Last Modified: 2020-10-15T14:05:00
Summary
It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constraints imposed by -dSAFER.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-3838 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3838
- https://bugs.ghostscript.com/show_bug.cgi?id=700576
- https://access.redhat.com/errata/RHSA-2019:0652
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVERLGEU3OV6RNZ2SIBXREWD3BF5H23N/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANBSCZABXQUEQWIKNWJ35IYX24M227EI/
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00018.html
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00011.html
- https://seclists.org/bugtraq/2019/Apr/4
- http://packetstormsecurity.com/files/152367/Slackware-Security-Advisory-ghostscript-Updates.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A43SRQAEHQCKSEMIBINHUNIGHTDCZD7F/
- https://www.debian.org/security/2019/dsa-4432
- https://seclists.org/bugtraq/2019/Apr/28
- https://lists.debian.org/debian-lts-announce/2019/04/msg00021.html
- https://access.redhat.com/errata/RHSA-2019:0971
- https://security.gentoo.org/glsa/202004-03
CVE-2019-3835: It was found that the superexec operator was available in the internal dictionary in ghostscript…
Published: 2019-03-25T19:29:00 Last Modified: 2020-10-15T13:50:00
Summary
It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constraints imposed by -dSAFER.
Common Weakness Enumeration (CWE): CWE-862: Missing Authorization
CWE Description: The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-3835 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3835
- https://bugs.ghostscript.com/show_bug.cgi?id=700585
- https://access.redhat.com/errata/RHSA-2019:0652
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVERLGEU3OV6RNZ2SIBXREWD3BF5H23N/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANBSCZABXQUEQWIKNWJ35IYX24M227EI/
- https://seclists.org/bugtraq/2019/Apr/4
- http://packetstormsecurity.com/files/152367/Slackware-Security-Advisory-ghostscript-Updates.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A43SRQAEHQCKSEMIBINHUNIGHTDCZD7F/
- https://www.debian.org/security/2019/dsa-4432
- https://seclists.org/bugtraq/2019/Apr/28
- http://www.securityfocus.com/bid/107855
- https://lists.debian.org/debian-lts-announce/2019/04/msg00021.html
- https://access.redhat.com/errata/RHSA-2019:0971
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html
- https://security.gentoo.org/glsa/202004-03
CVE-2018-16876: ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to an information disclosure flaw in…
Published: 2019-01-03T15:29:00 Last Modified: 2021-08-04T17:15:00
Summary
ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to an information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensitive data.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party
Scores
- Impact Score: 2.9
- Exploitability Score: 6.8
- CVSS: 3.5
- CVSS Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-16876 vulnerability.
References
- https://github.com/ansible/ansible/pull/49569
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16876
- https://access.redhat.com/errata/RHSA-2018:3838
- https://access.redhat.com/errata/RHSA-2018:3837
- https://access.redhat.com/errata/RHSA-2018:3836
- https://access.redhat.com/errata/RHSA-2018:3835
- http://www.securityfocus.com/bid/106225
- https://www.debian.org/security/2019/dsa-4396
- https://access.redhat.com/errata/RHSA-2019:0564
- https://access.redhat.com/errata/RHSA-2019:0590
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html
- https://usn.ubuntu.com/4072-1/
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html
CVE-2018-16879: Ansible Tower before version 3.3.3 does not set a secure channel as it is using the default…
Published: 2019-01-03T14:29:00 Last Modified: 2020-12-04T18:15:00
Summary
Ansible Tower before version 3.3.3 does not set a secure channel as it is using the default insecure configuration channel settings for messaging celery workers from RabbitMQ. This could lead to a leak of sensitive information such as passwords, as well as denial of service attacks by deleting projects or inventory files.
Common Weakness Enumeration (CWE): CWE-311: Missing Encryption of Sensitive Data
CWE Description: The software does not encrypt sensitive or critical information before storage or transmission.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-16879 vulnerability.
CVE-2018-16859: Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and…
Published: 2018-11-29T18:29:00 Last Modified: 2019-04-03T09:29:00
Summary
Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for ‘become’ passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the plaintext password. Ansible Engine 2.8 and older are believed to be vulnerable.
Common Weakness Enumeration (CWE): CWE-532: Insertion of Sensitive Information into Log File
CWE Description: This entry has been deprecated because its abstraction was too low-level. See CWE-532.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2018-16859 vulnerability.
References
- https://github.com/ansible/ansible/pull/49142
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16859
- http://www.securityfocus.com/bid/106004
- https://access.redhat.com/errata/RHSA-2018:3773
- https://access.redhat.com/errata/RHSA-2018:3772
- https://access.redhat.com/errata/RHSA-2018:3771
- https://access.redhat.com/errata/RHSA-2018:3770
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html
CVE-2018-16837: Ansible “User” module leaks any data which is passed on as a parameter to ssh-keygen. This could…
Published: 2018-10-23T15:29:00 Last Modified: 2019-10-03T00:03:00
Summary
Ansible “User” module leaks any data which is passed on as a parameter to ssh-keygen. This could lead to undesirable situations such as passphrase credentials passed as a parameter for the ssh-keygen executable being shown in clear text to every user who has access just to the process list.
Common Weakness Enumeration (CWE): CWE-311: Missing Encryption of Sensitive Data
CWE Description: The software does not encrypt sensitive or critical information before storage or transmission.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2018-16837 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16837
- http://www.securityfocus.com/bid/105700
- https://access.redhat.com/errata/RHSA-2018:3463
- https://access.redhat.com/errata/RHSA-2018:3462
- https://access.redhat.com/errata/RHSA-2018:3461
- https://access.redhat.com/errata/RHSA-2018:3460
- https://access.redhat.com/errata/RHSA-2018:3505
- https://lists.debian.org/debian-lts-announce/2018/11/msg00012.html
- https://access.redhat.com/security/cve/cve-2018-16837
- https://www.debian.org/security/2019/dsa-4396
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html
- https://usn.ubuntu.com/4072-1/
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html
CVE-2018-1000805: Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access…
Published: 2018-10-08T15:29:00 Last Modified: 2021-12-28T13:15:00
Summary
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains an Incorrect Access Control vulnerability in the SSH server that can result in RCE. This attack appears to be exploitable via network connectivity.
Common Weakness Enumeration (CWE): CWE-732: Incorrect Permission Assignment for Critical Resource
CWE Description: The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.0
- CVSS: 6.5
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-1000805 vulnerability.
References
- https://github.com/paramiko/paramiko/issues/1283
- https://usn.ubuntu.com/3796-2/
- https://usn.ubuntu.com/3796-1/
- https://usn.ubuntu.com/3796-3/
- https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html
- https://access.redhat.com/errata/RHSA-2018:3406
- https://access.redhat.com/errata/RHSA-2018:3347
- https://access.redhat.com/errata/RHSA-2018:3505
- https://access.redhat.com/errata/RHBA-2018:3497
- https://herolab.usd.de/wp-content/uploads/sites/4/usd20180023.txt
- https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html
CVE-2018-17456: Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x…
Published: 2018-10-06T14:29:00 Last Modified: 2020-08-24T17:37:00
Summary
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive “git clone” of a superproject if a .gitmodules file has a URL field beginning with a ‘-’ character.
Common Weakness Enumeration (CWE): CWE-88: Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’)
CWE Description: The software constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Exploits Database (Total Exploits Count: 2)
Code designed for conducting penetration testing on CVE-2018-17456 vulnerability.
- Git Submodule - Arbitrary Code Execution by joernchen at 2018-10-16
- Git Submodule - Arbitrary Code Execution (PoC) by Junio C Hamano at 2018-10-05
References
- https://www.openwall.com/lists/oss-security/2018/10/06/3
- https://marc.info/?l=git&m=153875888916397&w=2
- https://github.com/git/git/commit/a124133e1e6ab5c7a9fef6d0e6bcb084e3455b46
- https://github.com/git/git/commit/1a7fd1fb2998002da6e9ff2ee46e1bdd25ee8404
- https://www.debian.org/security/2018/dsa-4311
- https://www.exploit-db.com/exploits/45548/
- http://www.securitytracker.com/id/1041811
- http://www.securityfocus.com/bid/105523
- https://usn.ubuntu.com/3791-1/
- https://www.exploit-db.com/exploits/45631/
- https://access.redhat.com/errata/RHSA-2018:3408
- https://access.redhat.com/errata/RHSA-2018:3505
- https://access.redhat.com/errata/RHSA-2018:3541
- https://seclists.org/bugtraq/2019/Mar/30
- http://www.securityfocus.com/bid/107511
- http://packetstormsecurity.com/files/152173/Sourcetree-Git-Arbitrary-Code-Execution-URL-Handling.html
- https://access.redhat.com/errata/RHSA-2020:0316
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html
CVE-2016-7070: A privilege escalation flaw was found in the Ansible Tower. When Tower before 3.0.3 deploys a…
Published: 2018-09-11T13:29:00 Last Modified: 2019-10-09T23:19:00
Summary
A privilege escalation flaw was found in Ansible Tower. When Tower before 3.0.3 deploys a PostgreSQL database, it incorrectly configures the trust level of the postgres user. An attacker could use this vulnerability to gain admin-level access to the database.
Common Weakness Enumeration (CWE): CWE-264: Permissions, Privileges, and Access Controls
CWE Description: Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.
Scores
- Impact Score: 6.4
- Exploitability Score: 5.1
- CVSS: 5.2
- CVSS Vector: AV:A/AC:L/Au:S/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: ADJACENT_NETWORK
Currently, there is no code for exploiting the CVE-2016-7070 vulnerability.
References
- https://docs.ansible.com/ansible-tower/3.0.3/html/upgrade-migration-guide/release_notes.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7070
CVE-2017-7528: Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 is vulnerable to CRLF…
Published: 2018-08-22T16:29:00 Last Modified: 2019-10-09T23:29:00
Summary
Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 is vulnerable to CRLF Injection. It was found that the X-Forwarded-For header allows internal servers to deploy other systems (using callback).
Common Weakness Enumeration (CWE): CWE-93: Improper Neutralization of CRLF Sequences (‘CRLF Injection’)
CWE Description: The software uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.
Scores
- Impact Score: 2.9
- Exploitability Score: 6.5
- CVSS: 3.3
- CVSS Vector: AV:A/AC:L/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: ADJACENT_NETWORK
Currently, there is no code for exploiting the CVE-2017-7528 vulnerability.
References
CVE-2018-10884: Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to cross-site request forgery (CSRF)…
Published: 2018-08-22T14:29:00 Last Modified: 2019-10-09T23:33:00
Summary
Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to cross-site request forgery (CSRF) in awx/api/authentication.py. An attacker could exploit this by tricking already authenticated users into visiting a malicious site and hijacking the authtoken cookie.
Common Weakness Enumeration (CWE): CWE-352: Cross-Site Request Forgery (CSRF)
CWE Description: The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-10884 vulnerability.
References
CVE-2015-9262: _XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause…
Published: 2018-08-01T23:29:00 Last Modified: 2019-04-16T19:08:00
Summary
_XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2015-9262 vulnerability.
References
- https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=897213f36baf6926daf6d192c709cf627aa5fd05
- https://bugs.freedesktop.org/show_bug.cgi?id=90857
- https://usn.ubuntu.com/3729-1/
- https://lists.debian.org/debian-lts-announce/2018/08/msg00016.html
- https://access.redhat.com/errata/RHSA-2018:3059
- https://access.redhat.com/errata/RHSA-2018:3505
CVE-2016-8614: A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key…
Published: 2018-07-31T21:29:00 Last Modified: 2019-10-09T23:20:00
Summary
A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing a remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key.
Common Weakness Enumeration (CWE): CWE-320: Key Management Errors
CWE Description: Weaknesses in this category are related to errors in the management of cryptographic keys.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2016-8614 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8614
- https://github.com/ansible/ansible-modules-core/pull/5357
- https://github.com/ansible/ansible-modules-core/pull/5353
- https://github.com/ansible/ansible-modules-core/issues/5237
- http://www.securityfocus.com/bid/94108
CVE-2016-8628: Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible…
Published: 2018-07-31T20:29:00 Last Modified: 2019-10-09T23:20:00
Summary
Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as.
Common Weakness Enumeration (CWE): CWE-77: Improper Neutralization of Special Elements used in a Command (‘Command Injection’)
CWE Description: The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
Scores
- Impact Score: 10.0
- Exploitability Score: 8.0
- CVSS: 9.0
- CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2016-8628 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8628
- https://access.redhat.com/errata/RHSA-2016:2778
- http://www.securityfocus.com/bid/94109
CVE-2018-14680: An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank…
Published: 2018-07-28T23:29:00 Last Modified: 2021-04-26T11:45:00
Summary
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-14680 vulnerability.
References
- https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a
- https://bugs.debian.org/904801
- http://www.openwall.com/lists/oss-security/2018/07/26/1
- https://usn.ubuntu.com/3728-1/
- https://www.debian.org/security/2018/dsa-4260
- https://usn.ubuntu.com/3728-3/
- http://www.securitytracker.com/id/1041410
- https://lists.debian.org/debian-lts-announce/2018/08/msg00007.html
- https://usn.ubuntu.com/3728-2/
- https://usn.ubuntu.com/3789-2/
- https://access.redhat.com/errata/RHSA-2018:3327
- https://access.redhat.com/errata/RHSA-2018:3505
- https://security.gentoo.org/glsa/201903-20
CVE-2018-14681: An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad…
Published: 2018-07-28T23:29:00 Last Modified: 2021-04-26T11:45:00
Summary
An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-14681 vulnerability.
References
- https://github.com/kyz/libmspack/commit/0b0ef9344255ff5acfac6b7af09198ac9c9756c8
- https://bugs.debian.org/904799
- http://www.openwall.com/lists/oss-security/2018/07/26/1
- https://usn.ubuntu.com/3728-1/
- https://www.debian.org/security/2018/dsa-4260
- https://usn.ubuntu.com/3728-3/
- http://www.securitytracker.com/id/1041410
- https://lists.debian.org/debian-lts-announce/2018/08/msg00007.html
- https://usn.ubuntu.com/3728-2/
- https://usn.ubuntu.com/3789-2/
- https://access.redhat.com/errata/RHSA-2018:3327
- https://access.redhat.com/errata/RHSA-2018:3505
- https://security.gentoo.org/glsa/201903-20
CVE-2018-14682: An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one…
Published: 2018-07-28T23:29:00 Last Modified: 2021-04-26T11:45:00
Summary
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.
Common Weakness Enumeration (CWE): CWE-193: Off-by-one Error
CWE Description: A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-14682 vulnerability.
References
- https://github.com/kyz/libmspack/commit/4fd9ccaa54e1aebde1e4b95fb0163b699fd7bcc8
- https://bugs.debian.org/904800
- http://www.openwall.com/lists/oss-security/2018/07/26/1
- https://usn.ubuntu.com/3728-1/
- https://www.debian.org/security/2018/dsa-4260
- https://usn.ubuntu.com/3728-3/
- http://www.securitytracker.com/id/1041410
- https://lists.debian.org/debian-lts-announce/2018/08/msg00007.html
- https://usn.ubuntu.com/3728-2/
- https://usn.ubuntu.com/3789-2/
- https://access.redhat.com/errata/RHSA-2018:3327
- https://access.redhat.com/errata/RHSA-2018:3505
- https://security.gentoo.org/glsa/201903-20
CVE-2018-14679: An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one…
Published: 2018-07-28T23:29:00 Last Modified: 2021-04-26T11:45:00
Summary
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).
Common Weakness Enumeration (CWE): CWE-193: Off-by-one Error
CWE Description: A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-14679 vulnerability.
References
- https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a
- https://bugs.debian.org/904802
- http://www.openwall.com/lists/oss-security/2018/07/26/1
- https://usn.ubuntu.com/3728-1/
- https://www.debian.org/security/2018/dsa-4260
- https://usn.ubuntu.com/3728-3/
- http://www.securitytracker.com/id/1041410
- https://lists.debian.org/debian-lts-announce/2018/08/msg00007.html
- https://usn.ubuntu.com/3728-2/
- https://usn.ubuntu.com/3789-2/
- https://access.redhat.com/errata/RHSA-2018:3327
- https://access.redhat.com/errata/RHSA-2018:3505
- https://security.gentoo.org/glsa/201903-20
CVE-2017-12148: A flaw was found in Ansible Tower’s interface before 3.1.5 and 3.2.0 with SCM repositories. If a…
Published: 2018-07-27T16:29:00 Last Modified: 2019-10-09T23:22:00
Summary
A flaw was found in Ansible Tower’s interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project (SCM repository) definition does not have the ‘delete before update’ flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that, when executed by Tower, modifies the checked out SCM repository to add git hooks. These git hooks could, in turn, cause arbitrary command and code execution as the user Tower runs as.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 10.0
- Exploitability Score: 8.0
- CVSS: 9.0
- CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-12148 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12148
- https://access.redhat.com/errata/RHSA-2017:3005
CVE-2016-8647: An input validation vulnerability was found in Ansible’s mysql_user module before 2.2.1.0, which…
Published: 2018-07-26T14:29:00 Last Modified: 2019-10-09T23:20:00
Summary
An input validation vulnerability was found in Ansible’s mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.0
- CVSS: 4.0
- CVSS Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2016-8647 vulnerability.
References
- https://github.com/ansible/ansible-modules-core/pull/5388
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8647
- https://access.redhat.com/errata/RHSA-2017:1685
CVE-2018-13988: Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory…
Published: 2018-07-25T23:29:00 Last Modified: 2019-04-25T14:16:00
Summary
Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-13988 vulnerability.
References
- http://packetstormsecurity.com/files/148661/PDFunite-0.62.0-Buffer-Overflow.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1602838
- https://bugzilla.novell.com/show_bug.cgi?id=CVE-2018-13988
- https://cgit.freedesktop.org/poppler/poppler/commit/?id=004e3c10df0abda214f0c293f9e269fdd979c5ee
- https://usn.ubuntu.com/3757-1/
- https://access.redhat.com/errata/RHSA-2018:3140
- https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html
- https://access.redhat.com/errata/RHSA-2018:3505
- https://access.redhat.com/errata/RHBA-2019:0327
CVE-2017-7481: Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as…
Published: 2018-07-19T13:29:00 Last Modified: 2021-08-04T17:15:00
Summary
Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as ‘unsafe’ and is not evaluated.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-7481 vulnerability.
References
- https://github.com/ansible/ansible/commit/ed56f51f185a1ffd7ea57130d260098686fcc7c2
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7481
- https://access.redhat.com/errata/RHSA-2017:2524
- https://access.redhat.com/errata/RHSA-2017:1599
- https://access.redhat.com/errata/RHSA-2017:1499
- https://access.redhat.com/errata/RHSA-2017:1476
- https://access.redhat.com/errata/RHSA-2017:1334
- https://access.redhat.com/errata/RHSA-2017:1244
- http://www.securityfocus.com/bid/98492
- https://usn.ubuntu.com/4072-1/
- https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html
CVE-2018-10875: A flaw was found in ansible. ansible.cfg is read from the current working directory which can be…
Published: 2018-07-13T22:29:00 Last Modified: 2021-08-04T17:14:00
Summary
A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.
Common Weakness Enumeration (CWE): CWE-426: Untrusted Search Path
CWE Description: The application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application’s direct control.
Scores
- Impact Score: 6.4
- Exploitability Score: 3.9
- CVSS: 4.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2018-10875 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10875
- https://access.redhat.com/errata/RHSA-2018:2166
- https://access.redhat.com/errata/RHSA-2018:2152
- https://access.redhat.com/errata/RHSA-2018:2151
- https://access.redhat.com/errata/RHSA-2018:2150
- https://access.redhat.com/errata/RHSA-2018:2321
- http://www.securitytracker.com/id/1041396
- https://access.redhat.com/errata/RHSA-2018:2585
- https://access.redhat.com/errata/RHBA-2018:3788
- https://access.redhat.com/errata/RHSA-2019:0054
- https://www.debian.org/security/2019/dsa-4396
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html
- https://usn.ubuntu.com/4072-1/
- https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html
CVE-2018-12910: The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have…
Published: 2018-07-05T18:29:00 Last Modified: 2019-05-08T18:21:00
Summary
The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-12910 vulnerability.
References
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SBREWZ3EEDYWG6PCLWL2EJ24ME5ZFAX6/
- https://gitlab.gnome.org/GNOME/libsoup/commit/db2b0d5809d5f8226d47312b40992cadbcde439f
- https://www.debian.org/security/2018/dsa-4241
- https://usn.ubuntu.com/3701-1/
- https://lists.debian.org/debian-lts-announce/2018/07/msg00007.html
- https://gitlab.gnome.org/GNOME/libsoup/issues/3
- https://gitlab.gnome.org/GNOME/gnome-sdk-images/commit/4215b8a21b3b3055e947312a8920df94f93ba047
- https://access.redhat.com/errata/RHSA-2018:3140
- https://access.redhat.com/errata/RHSA-2018:3505
- https://access.redhat.com/errata/RHBA-2019:0327
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00003.html
CVE-2018-10855: Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed…
Published: 2018-07-03T01:29:00 Last Modified: 2021-08-04T17:14:00
Summary
Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.
Common Weakness Enumeration (CWE): CWE-532: Insertion of Sensitive Information into Log File
CWE Description: This entry has been deprecated because its abstraction was too low-level. See CWE-532.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-10855 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10855
- https://access.redhat.com/errata/RHSA-2018:2079
- https://access.redhat.com/errata/RHSA-2018:2022
- https://access.redhat.com/errata/RHSA-2018:1949
- https://access.redhat.com/errata/RHSA-2018:1948
- https://access.redhat.com/errata/RHSA-2018:2184
- https://access.redhat.com/errata/RHSA-2018:2585
- https://access.redhat.com/errata/RHBA-2018:3788
- https://access.redhat.com/errata/RHSA-2019:0054
- https://www.debian.org/security/2019/dsa-4396
- https://usn.ubuntu.com/4072-1/
CVE-2018-10874: In ansible it was found that inventory variables are loaded from current working directory when…
Published: 2018-07-02T13:29:00 Last Modified: 2021-08-04T17:14:00
Summary
It was found that, when running an ad-hoc command, ansible loads inventory variables from the current working directory, which may be under an attacker’s control, allowing arbitrary code to be run as a result.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 6.4
- Exploitability Score: 3.9
- CVSS: 4.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2018-10874 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874
- https://access.redhat.com/errata/RHSA-2018:2166
- https://access.redhat.com/errata/RHSA-2018:2152
- https://access.redhat.com/errata/RHSA-2018:2151
- https://access.redhat.com/errata/RHSA-2018:2150
- https://access.redhat.com/errata/RHSA-2018:2321
- http://www.securitytracker.com/id/1041396
- https://access.redhat.com/errata/RHSA-2018:2585
- https://access.redhat.com/errata/RHBA-2018:3788
- https://access.redhat.com/errata/RHSA-2019:0054
- https://usn.ubuntu.com/4072-1/
CVE-2017-7466: Ansible before version 2.3 has an input validation vulnerability in the handling of data sent…
Published: 2018-06-22T13:29:00 Last Modified: 2021-08-04T17:15:00
Summary
Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 10.0
- Exploitability Score: 6.8
- CVSS: 8.5
- CVSS Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: SINGLE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-7466 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7466
- https://access.redhat.com/errata/RHSA-2017:1685
- https://access.redhat.com/errata/RHSA-2017:1599
- https://access.redhat.com/errata/RHSA-2017:1499
- https://access.redhat.com/errata/RHSA-2017:1476
- https://access.redhat.com/errata/RHSA-2017:1334
- https://access.redhat.com/errata/RHSA-2017:1244
- http://www.securityfocus.com/bid/97595
CVE-2018-1061: python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic…
Published: 2018-06-19T12:29:00 Last Modified: 2019-10-03T00:03:00
Summary
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-1061 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1061
- https://bugs.python.org/issue32981
- https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1
- https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1
- https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html
- https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html
- https://www.debian.org/security/2018/dsa-4306
- https://www.debian.org/security/2018/dsa-4307
- https://access.redhat.com/errata/RHSA-2018:3041
- https://access.redhat.com/errata/RHSA-2018:3505
- https://usn.ubuntu.com/3817-1/
- http://www.securitytracker.com/id/1042001
- https://usn.ubuntu.com/3817-2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/
- https://access.redhat.com/errata/RHBA-2019:0327
- https://access.redhat.com/errata/RHSA-2019:1260
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03951en_us
- https://access.redhat.com/errata/RHSA-2019:3725
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
CVE-2018-1060: python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic…
Published: 2018-06-18T14:29:00 Last Modified: 2020-01-15T20:15:00
Summary
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib’s apop() method. An attacker could use this flaw to cause denial of service.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-1060 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1060
- https://bugs.python.org/issue32981
- https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1
- https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1
- https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html
- https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html
- https://www.debian.org/security/2018/dsa-4306
- https://www.debian.org/security/2018/dsa-4307
- https://access.redhat.com/errata/RHSA-2018:3041
- https://access.redhat.com/errata/RHSA-2018:3505
- https://usn.ubuntu.com/3817-1/
- http://www.securitytracker.com/id/1042001
- https://usn.ubuntu.com/3817-2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/
- https://access.redhat.com/errata/RHBA-2019:0327
- https://access.redhat.com/errata/RHSA-2019:1260
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03951en_us
- https://access.redhat.com/errata/RHSA-2019:3725
- https://www.oracle.com/security-alerts/cpujan2020.html
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
CVE-2018-0495: Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA…
Published: 2018-06-13T23:29:00 Last Modified: 2020-08-24T17:37:00
Summary
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.
Common Weakness Enumeration (CWE): CWE-203: Observable Discrepancy
CWE Description: The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.4
- CVSS: 1.9
- CVSS Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2018-0495 vulnerability.
References
- https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/
- https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html
- https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965
- https://dev.gnupg.org/T4011
- https://www.debian.org/security/2018/dsa-4231
- https://usn.ubuntu.com/3689-2/
- https://usn.ubuntu.com/3689-1/
- http://www.securitytracker.com/id/1041147
- http://www.securitytracker.com/id/1041144
- https://usn.ubuntu.com/3692-2/
- https://usn.ubuntu.com/3692-1/
- https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html
- https://access.redhat.com/errata/RHSA-2018:3221
- https://access.redhat.com/errata/RHSA-2018:3505
- https://usn.ubuntu.com/3850-1/
- https://usn.ubuntu.com/3850-2/
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://access.redhat.com/errata/RHSA-2019:1297
- https://access.redhat.com/errata/RHSA-2019:1296
- https://access.redhat.com/errata/RHSA-2019:1543
- https://access.redhat.com/errata/RHSA-2019:2237
CVE-2017-18267: The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote…
Published: 2018-05-10T15:29:00 Last Modified: 2020-07-23T12:15:00
Summary
The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.
Common Weakness Enumeration (CWE): CWE-835: Loop with Unreachable Exit Condition (‘Infinite Loop’)
CWE Description: The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-18267 vulnerability.
References
- https://bugzilla.freedesktop.org/show_bug.cgi?id=103238
- https://usn.ubuntu.com/3647-1/
- https://access.redhat.com/errata/RHSA-2018:3140
- https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html
- https://access.redhat.com/errata/RHSA-2018:3505
- https://access.redhat.com/errata/RHBA-2019:0327
- https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html
CVE-2018-10768: There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an…
Published: 2018-05-06T23:29:00 Last Modified: 2019-04-25T18:38:00
Summary
There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected.
Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference
CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-10768 vulnerability.
References
- https://bugs.freedesktop.org/show_bug.cgi?id=106408
- https://usn.ubuntu.com/3647-1/
- https://access.redhat.com/errata/RHSA-2018:3140
- https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html
- https://access.redhat.com/errata/RHSA-2018:3505
- https://access.redhat.com/errata/RHBA-2019:0327
CVE-2018-10767: There is a stack-based buffer over-read in calling GLib in the function…
Published: 2018-05-06T23:29:00 Last Modified: 2019-10-03T00:03:00
Summary
There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from a g_input_stream_read call. A crafted input will lead to a remote denial of service attack.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-10767 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1575188
- https://access.redhat.com/errata/RHSA-2018:3140
- https://access.redhat.com/errata/RHSA-2018:3505
- https://access.redhat.com/errata/RHBA-2019:0327
CVE-2013-2233: Ansible before 1.2.1 makes it easier for remote attackers to conduct man-in-the-middle attacks by…
Published: 2018-05-04T20:29:00 Last Modified: 2018-06-07T17:24:00
Summary
Ansible before 1.2.1 makes it easier for remote attackers to conduct man-in-the-middle attacks by leveraging failure to cache SSH host keys.
Common Weakness Enumeration (CWE): CWE-320: Key Management Errors
CWE Description: Weaknesses in this category are related to errors in the management of cryptographic keys.
Scores
- Impact Score: 4.9
- Exploitability Score: 8.6
- CVSS: 5.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2013-2233 vulnerability.
References
- https://www.ansible.com/security
- https://github.com/ansible/ansible/issues/857
- https://bugzilla.redhat.com/show_bug.cgi?id=980821
- http://www.openwall.com/lists/oss-security/2013/07/02/6
- http://www.openwall.com/lists/oss-security/2013/07/01/2
CVE-2018-10733: There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in…
Published: 2018-05-04T17:29:00 Last Modified: 2019-10-03T00:03:00
Summary
There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. A crafted input will lead to a remote denial of service attack.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-10733 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1574844
- https://access.redhat.com/errata/RHSA-2018:3140
- https://access.redhat.com/errata/RHSA-2018:3505
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00005.html
- https://access.redhat.com/errata/RHBA-2019:0327
CVE-2018-1104: Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to…
Published: 2018-05-02T19:29:00 Last Modified: 2019-10-09T23:38:00
Summary
Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to define variables for a job template to execute arbitrary code on the Tower server.
Common Weakness Enumeration (CWE): CWE-94: Improper Control of Generation of Code (‘Code Injection’)
CWE Description: The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.0
- CVSS: 6.5
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-1104 vulnerability.
References
- https://www.ansible.com/security
- https://bugzilla.redhat.com/show_bug.cgi?id=1565862
- https://access.redhat.com/security/cve/cve-2018-1104
- https://access.redhat.com/errata/RHSA-2018:1328
- https://access.redhat.com/errata/RHSA-2018:1972
CVE-2018-1101: Ansible Tower before version 3.2.4 has a flaw in the management of system and organization…
Published: 2018-05-02T18:29:00 Last Modified: 2019-10-09T23:38:00
Summary
Ansible Tower before version 3.2.4 has a flaw in the management of system and organization administrators that allows for privilege escalation. System administrators that are members of organizations can have their passwords reset by organization administrators, allowing organization administrators access to the entire system.
Common Weakness Enumeration (CWE): CWE-521: Weak Password Requirements
CWE Description: The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.0
- CVSS: 6.5
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-1101 vulnerability.
References
- https://access.redhat.com/security/cve/cve-2018-1101
- https://www.ansible.com/security
- https://access.redhat.com/errata/RHSA-2018:1328
- https://access.redhat.com/errata/RHSA-2018:1972
- https://bugzilla.redhat.com/show_bug.cgi?id=1563492
CVE-2016-9587: Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible’s…
Published: 2018-04-24T16:29:00 Last Modified: 2021-09-13T10:50:00
Summary
Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible’s handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 10.0
- Exploitability Score: 8.6
- CVSS: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Exploits Database (Total Exploits Count: 1)
Code designed for conducting penetration testing on CVE-2016-9587 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9587
- https://www.exploit-db.com/exploits/41013/
- https://security.gentoo.org/glsa/201701-77
- https://access.redhat.com/errata/RHSA-2017:1685
- https://access.redhat.com/errata/RHSA-2017:0515
- https://access.redhat.com/errata/RHSA-2017:0448
- http://www.securityfocus.com/bid/95352
- http://rhn.redhat.com/errata/RHSA-2017-0260.html
- http://rhn.redhat.com/errata/RHSA-2017-0195.html
CVE-2018-7750: transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5,…
Published: 2018-03-13T18:29:00 Last Modified: 2021-12-28T13:15:00
Summary
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.
Common Weakness Enumeration (CWE): CWE-287: Improper Authentication
CWE Description: When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Exploits Database (Total Exploits Count: 1)
Code designed for conducting penetration testing on CVE-2018-7750 vulnerability.
References
- https://github.com/paramiko/paramiko/commit/fa29bd8446c8eab237f5187d28787727b4610516
- https://github.com/paramiko/paramiko/blob/master/sites/www/changelog.rst
- https://github.com/paramiko/paramiko/issues/1175
- https://usn.ubuntu.com/3603-2/
- https://access.redhat.com/errata/RHSA-2018:0591
- https://usn.ubuntu.com/3603-1/
- https://access.redhat.com/errata/RHSA-2018:0646
- https://access.redhat.com/errata/RHSA-2018:1125
- https://access.redhat.com/errata/RHSA-2018:1124
- https://access.redhat.com/errata/RHSA-2018:1213
- http://www.securityfocus.com/bid/103713
- https://access.redhat.com/errata/RHSA-2018:1274
- https://access.redhat.com/errata/RHSA-2018:1328
- https://access.redhat.com/errata/RHSA-2018:1525
- https://access.redhat.com/errata/RHSA-2018:1972
- https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html
- https://www.exploit-db.com/exploits/45712/
- https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html
CVE-2017-7550: A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain…
Published: 2017-11-21T17:29:00 Last Modified: 2021-09-13T10:50:00
Summary
A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host’s logs. This flaw was fixed by not allowing passwords to be specified in the “params” argument, and noting this in the module documentation.
Common Weakness Enumeration (CWE): CWE-532: Insertion of Sensitive Information into Log File
CWE Description: This entry has been deprecated because its abstraction was too low-level. See CWE-532.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-7550 vulnerability.
References
- https://github.com/ansible/ansible/issues/30874
- https://bugzilla.redhat.com/show_bug.cgi?id=1473645
- https://access.redhat.com/errata/RHSA-2017:2966
CVE-2014-3498: The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary…
Published: 2017-06-08T18:29:00 Last Modified: 2018-10-30T16:28:00
Summary
The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary commands.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.0
- CVSS: 6.5
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2014-3498 vulnerability.
References
- https://github.com/ansible/ansible/commit/8ed6350e65c82292a631f08845dfaacffe7f07f5
- https://bugzilla.redhat.com/show_bug.cgi?id=1335551
CVE-2015-6240: The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape…
Published: 2017-06-07T20:29:00 Last Modified: 2019-09-16T15:15:00
Summary
The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack.
Common Weakness Enumeration (CWE): CWE-59: Improper Link Resolution Before File Access (‘Link Following’)
CWE Description: The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2015-6240 vulnerability.
References
- https://github.com/ansible/ansible/commit/ca2f2c4ebd7b5e097eab0a710f79c1f63badf95b
- https://github.com/ansible/ansible/commit/952166f48eb0f5797b75b160fd156bbe1e8fc647
- https://bugzilla.redhat.com/show_bug.cgi?id=1243468
- http://www.openwall.com/lists/oss-security/2015/08/17/10
- https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html
CVE-2016-3096: The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before…
Published: 2016-06-03T14:59:00 Last Modified: 2018-10-30T16:28:00
Summary
The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory.
Common Weakness Enumeration (CWE): CWE-59: Improper Link Resolution Before File Access (‘Link Following’)
CWE Description: The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2016-3096 vulnerability.
References
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183103.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1322925
- https://github.com/ansible/ansible-modules-extras/pull/1941/commits/8c6fe646ee79f5e55361b885b7efed5bec72d4a4
- https://github.com/ansible/ansible/blob/v2.0.2.0-1/CHANGELOG.md#202-over-the-hills-and-far-away
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183274.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184175.html
- https://github.com/ansible/ansible-modules-extras/pull/1941
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183132.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183252.html
- https://github.com/ansible/ansible/blob/v1.9.6-1/CHANGELOG.md#196-dancing-in-the-street---tbd
- https://security.gentoo.org/glsa/201607-14
- https://groups.google.com/forum/#!topic/ansible-announce/tqiZbcWxYig
- https://groups.google.com/forum/#!topic/ansible-announce/E80HLZilTU0
CVE-2015-3908: Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the…
Published: 2015-08-12T14:59:00 Last Modified: 2019-09-16T15:15:00
Summary
Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject’s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Common Weakness Enumeration (CWE): CWE-345: Insufficient Verification of Data Authenticity
CWE Description: The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2015-3908 vulnerability.
References
- http://lists.opensuse.org/opensuse-updates/2015-07/msg00051.html
- http://www.openwall.com/lists/oss-security/2015/07/14/4
- http://www.ansible.com/security
- http://lists.opensuse.org/opensuse-updates/2015-08/msg00029.html
- https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html
CVE-2013-4259: runner/connection_plugins/ssh.py in Ansible before 1.2.3, when using ControlPersist, allows local…
Published: 2013-09-16T19:14:00 Last Modified: 2018-10-30T16:28:00
Summary
runner/connection_plugins/ssh.py in Ansible before 1.2.3, when using ControlPersist, allows local users to redirect a ssh session via a symlink attack on a socket file with a predictable name in /tmp/.
Common Weakness Enumeration (CWE): CWE-264: Permissions, Privileges, and Access Controls
CWE Description: Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.4
- CVSS: 1.9
- CVSS Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2013-4259 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=998223
- http://www.ansible.com/security
- https://groups.google.com/forum/#!topic/ansible-project/UVDYW0HGcNg
CVE-2013-4260: lib/ansible/playbook/__init__.py in Ansible 1.2.x before 1.2.3, when playbook does not run due to…
Published: 2013-09-16T19:14:00 Last Modified: 2018-10-30T16:28:00
Summary
lib/ansible/playbook/__init__.py in Ansible 1.2.x before 1.2.3, when playbook does not run due to an error, allows local users to overwrite arbitrary files via a symlink attack on a retry file with a predictable name in /var/tmp/ansible/.
Common Weakness Enumeration (CWE): CWE-264: Permissions, Privileges, and Access Controls
CWE Description: Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.
Scores
- Impact Score: 4.9
- Exploitability Score: 3.4
- CVSS: 3.3
- CVSS Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2013-4260 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=998227
- http://www.ansible.com/security
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86898
- https://groups.google.com/forum/#!topic/ansible-project/UVDYW0HGcNg