redhat/ansible_tower: The latest CVE Vulnerabilities and Exploits for Penetration Test

 

redhat/ansible_tower Vulnerability Summary

  • Vendor name: redhat
  • Product name: ansible_tower
  • Total vulnerabilities: 65 (as of 2023-05-04)

redhat/ansible_tower Vulnerability List

CVE-2021-3583: A flaw was found in Ansible, where a user’s controller is vulnerable to template injection. This…

Published: 2021-09-22T12:15:00 Last Modified: 2021-10-05T16:12:00

Summary

A flaw was found in Ansible, where a user’s controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity.

Common Weakness Enumeration (CWE): CWE-77: Improper Neutralization of Special Elements used in a Command (‘Command Injection’)

CWE Description: The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 3.9
  • CVSS: 3.6
  • CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-3583 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2021-3532: A flaw was found in Ansible where the secret information present in async_files are getting…

Published: 2021-06-09T12:15:00 Last Modified: 2021-06-21T16:54:00

Summary

A flaw was found in Ansible where the secret information present in async_files are getting disclosed when the user changes the jobdir to a world readable directory. Any secret information in an async status file will be readable by a malicious user on that system. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3532 vulnerability.

CVE-2021-3533: A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a…

Published: 2021-06-09T12:15:00 Last Modified: 2021-06-17T17:21:00

Summary

A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory. When this occurs, there is a race condition on the managed machine. A malicious, non-privileged account on the remote machine can exploit the race condition to access the async result data. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2.

Common Weakness Enumeration (CWE): CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition

CWE Description: The software checks the state of a resource before using that resource, but the resource’s state can change between the check and the use in a way that invalidates the results of the check. This can cause the software to perform invalid actions when the resource is in an unexpected state.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 1.9
  • CVSS: 1.2
  • CVSS Vector: AV:L/AC:H/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: HIGH
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-3533 vulnerability.

CVE-2020-14327: A Server-side request forgery (SSRF) flaw was found in Ansible Tower in versions before 3.6.5 and…

Published: 2021-05-27T20:15:00 Last Modified: 2021-06-07T18:41:00

Summary

A Server-side request forgery (SSRF) flaw was found in Ansible Tower in versions before 3.6.5 and before 3.7.2. Functionality on the Tower server is abused by supplying a URL that could lead to the server processing it. This flaw leads to the connection to internal services or the exposure of additional internal services by abusing the test feature of lookup credentials to forge HTTP/HTTPS requests from the server and retrieving the results of the response.

Common Weakness Enumeration (CWE): CWE-918: Server-Side Request Forgery (SSRF)

CWE Description: This entry has been deprecated. It originally came from PLOVER, which sometimes defined “other” and “miscellaneous” categories in order to satisfy exhaustiveness requirements for taxonomies. Within the context of CWE, the use of a more abstract entry is preferred in mapping situations. CWE-75 is a more appropriate mapping.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 3.9
  • CVSS: 2.1
  • CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-14327 vulnerability.

CVE-2020-14328: A flaw was found in Ansible Tower in versions before 3.7.2. A Server Side Request Forgery flaw…

Published: 2021-05-27T20:15:00 Last Modified: 2021-06-07T18:37:00

Summary

A flaw was found in Ansible Tower in versions before 3.7.2. A Server Side Request Forgery flaw can be abused by supplying a URL which could lead to the server processing it connecting to internal services or exposing additional internal services and more particularly retrieving full details in case of error. The highest threat from this vulnerability is to data confidentiality.

Common Weakness Enumeration (CWE): CWE-918: Server-Side Request Forgery (SSRF)

CWE Description: This entry has been deprecated. It originally came from PLOVER, which sometimes defined “other” and “miscellaneous” categories in order to satisfy exhaustiveness requirements for taxonomies. Within the context of CWE, the use of a more abstract entry is preferred in mapping situations. CWE-75 is a more appropriate mapping.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 3.9
  • CVSS: 2.1
  • CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-14328 vulnerability.

CVE-2020-14329: A data exposure flaw was found in Ansible Tower in versions before 3.7.2, where sensitive data…

Published: 2021-05-27T20:15:00 Last Modified: 2021-06-07T18:37:00

Summary

A data exposure flaw was found in Ansible Tower in versions before 3.7.2, where sensitive data can be exposed from the /api/v2/labels/ endpoint. This flaw allows users from other organizations in the system to retrieve any label from the organization and also disclose organization names. The highest threat from this vulnerability is to confidentiality.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

  • Impact Score: 2.9
  • Exploitability Score: 3.9
  • CVSS: 2.1
  • CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-14329 vulnerability.

CVE-2020-10697: A flaw was found in Ansible Tower when running Openshift. Tower runs a memcached, which is…

Published: 2021-05-27T19:15:00 Last Modified: 2021-06-08T01:47:00

Summary

A flaw was found in Ansible Tower when running Openshift. Tower runs a memcached, which is accessed via TCP. An attacker can take advantage of writing a playbook polluting this cache, causing a denial of service attack. This attack would not completely stop the service, but in the worst-case scenario, it can reduce the Tower performance, for which memcached is designed. Theoretically, more sophisticated attacks can be performed by manipulating and crafting the cache, as Tower relies on memcached as a place to pull out setting values. Confidential and sensitive data stored in memcached should not be pulled, as this information is encrypted. This flaw affects Ansible Tower versions before 3.6.4, Ansible Tower versions before 3.5.6 and Ansible Tower versions before 3.4.6.

Common Weakness Enumeration (CWE): CWE-862: Missing Authorization

CWE Description: The software does not perform an authorization check when an actor attempts to access a resource or perform an action.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 3.9
  • CVSS: 3.6
  • CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-10697 vulnerability.

CVE-2020-10698: A flaw was found in Ansible Tower when running jobs. This flaw allows an attacker to access the…

Published: 2021-05-27T19:15:00 Last Modified: 2021-06-07T20:07:00

Summary

A flaw was found in Ansible Tower when running jobs. This flaw allows an attacker to access the stdout of the executed jobs which are run from other organizations. Some sensitive data can be disclosed. However, critical data should not be disclosed, as it should be protected by the no_log flag when debugging is enabled. This flaw affects Ansible Tower versions before 3.6.4, Ansible Tower versions before 3.5.6 and Ansible Tower versions before 3.4.6.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

  • Impact Score: 2.9
  • Exploitability Score: 3.9
  • CVSS: 2.1
  • CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-10698 vulnerability.

CVE-2020-10709: A security flaw was found in Ansible Tower when requesting an OAuth2 token with an OAuth2…

Published: 2021-05-27T19:15:00 Last Modified: 2021-06-08T01:45:00

Summary

A security flaw was found in Ansible Tower when requesting an OAuth2 token with an OAuth2 application. Ansible Tower uses the token to provide authentication. This flaw allows an attacker to obtain a refresh token that does not expire. The original token granted to the user still has access to Ansible Tower, which allows any user that can gain access to the token to be fully authenticated to Ansible Tower. This flaw affects Ansible Tower versions before 3.6.4 and Ansible Tower versions before 3.5.6.

Common Weakness Enumeration (CWE): CWE-672: Operation on a Resource after Expiration or Release

CWE Description: The software uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 3.9
  • CVSS: 3.6
  • CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-10709 vulnerability.

CVE-2021-20191: A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by…

Published: 2021-05-26T21:15:00 Last Modified: 2021-06-03T13:59:00

Summary

A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.

Common Weakness Enumeration (CWE): CWE-532: Insertion of Sensitive Information into Log File

CWE Description: This entry has been deprecated because its abstraction was too low-level. See CWE-532.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 3.9
  • CVSS: 2.1
  • CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-20191 vulnerability.

CVE-2021-20178: A flaw was found in ansible module where credentials are disclosed in the console log by default…

Published: 2021-05-26T12:15:00 Last Modified: 2021-06-03T15:57:00

Summary

A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.

Common Weakness Enumeration (CWE): CWE-532: Insertion of Sensitive Information into Log File

CWE Description: This entry has been deprecated because its abstraction was too low-level. See CWE-532.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 3.9
  • CVSS: 2.1
  • CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-20178 vulnerability.

CVE-2021-20228: A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and…

Published: 2021-04-29T16:15:00 Last Modified: 2021-12-10T19:56:00

Summary

A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.

Common Weakness Enumeration (CWE): CWE-522: Insufficiently Protected Credentials

CWE Description: The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-20228 vulnerability.

CVE-2021-3447: A flaw was found in several ansible modules, where parameters containing credentials, such as…

Published: 2021-04-01T18:15:00 Last Modified: 2021-06-03T13:47:00

Summary

A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the no_log feature. An attacker can take advantage of this information to steal those credentials, provided they have access to the log files containing them. The highest threat from this vulnerability is to data confidentiality. This flaw affects Red Hat Ansible Automation Platform in versions before 1.2.2 and Ansible Tower in versions before 3.8.2.

Common Weakness Enumeration (CWE): CWE-532: Insertion of Sensitive Information into Log File

CWE Description: This entry has been deprecated because its abstraction was too low-level. See CWE-532.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 3.9
  • CVSS: 2.1
  • CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-3447 vulnerability.

CVE-2021-20253: A flaw was found in ansible-tower. The default installation is vulnerable to Job Isolation escape…

Published: 2021-03-09T18:15:00 Last Modified: 2021-06-02T16:35:00

Summary

A flaw was found in ansible-tower. The default installation is vulnerable to Job Isolation escape allowing an attacker to elevate the privilege from a low privileged user to the awx user from outside the isolated environment. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Common Weakness Enumeration (CWE): CWE-552: Files or Directories Accessible to External Parties

CWE Description: The product makes files or directories accessible to unauthorized actors, even though they should not be.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 1.5
  • CVSS: 3.5
  • CVSS Vector: AV:L/AC:H/Au:S/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: SINGLE
  • Complexity: HIGH
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-20253 vulnerability.

CVE-2020-14365: A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine…

Published: 2020-09-23T13:15:00 Last Modified: 2021-08-07T15:15:00

Summary

A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code executed via package installation scripts. The highest threat from this vulnerability is to integrity and system availability.

Common Weakness Enumeration (CWE): CWE-347: Improper Verification of Cryptographic Signature

CWE Description: The software does not verify, or incorrectly verifies, the cryptographic signature for data.

Scores

  • Impact Score: 9.2
  • Exploitability Score: 3.9
  • CVSS: 6.6
  • CVSS Vector: AV:L/AC:L/Au:N/C:N/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: NONE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-14365 vulnerability.

CVE-2020-14337: A data exposure flaw was found in Tower, where sensitive data was revealed from the HTTP return…

Published: 2020-07-31T13:15:00 Last Modified: 2020-08-11T17:03:00

Summary

A data exposure flaw was found in Tower, where sensitive data was revealed from the HTTP return error codes. This flaw allows an unauthenticated, remote attacker to retrieve pages from the default organization and verify existing usernames. The highest threat from this vulnerability is to data confidentiality.

Common Weakness Enumeration (CWE): CWE-209: Generation of Error Message Containing Sensitive Information

CWE Description: The software generates an error message that includes sensitive information about its environment, users, or associated data.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-14337 vulnerability.

CVE-2020-10782: An exposure of sensitive information flaw was found in Ansible version 3.7.0. Sensitive…

Published: 2020-06-18T13:15:00 Last Modified: 2021-10-26T20:06:00

Summary

An exposure of sensitive information flaw was found in Ansible version 3.7.0. Sensitive information, such as tokens and other secrets, could be readable and exposed from the rsyslog configuration file, which has set the wrong world-readable permissions. The highest threat from this vulnerability is to confidentiality. This is fixed in Ansible version 3.7.1.

Common Weakness Enumeration (CWE): CWE-732: Incorrect Permission Assignment for Critical Resource

CWE Description: The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 3.9
  • CVSS: 2.1
  • CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-10782 vulnerability.

CVE-2020-10744: An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary…

Published: 2020-05-15T14:15:00 Last Modified: 2020-05-29T14:10:00

Summary

An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9.9 as well as previous versions are affected and Ansible Tower 3.4.5, 3.5.6 and 3.6.4 as well as previous versions are affected.

Common Weakness Enumeration (CWE): CWE-668: Exposure of Resource to Wrong Sphere

CWE Description: The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 1.9
  • CVSS: 3.7
  • CVSS Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: HIGH
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-10744 vulnerability.

CVE-2020-1746: A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and…

Published: 2020-05-12T18:15:00 Last Modified: 2021-10-19T14:14:00

Summary

A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

  • Impact Score: 2.9
  • Exploitability Score: 3.4
  • CVSS: 1.9
  • CVSS Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-1746 vulnerability.

CVE-2020-10685: A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and…

Published: 2020-05-11T14:15:00 Last Modified: 2021-12-21T12:40:00

Summary

A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypt vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the secrets unencrypted. On Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decrypted data remains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted ble.

Common Weakness Enumeration (CWE): CWE-459: Incomplete Cleanup

CWE Description: The software does not properly “clean up” and remove temporary or supporting resources after they have been used.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 3.4
  • CVSS: 1.9
  • CVSS Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-10685 vulnerability.

CVE-2020-10691: An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when…

Published: 2020-04-30T17:15:00 Last Modified: 2020-05-21T14:49:00

Summary

An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file within the system.

Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)

CWE Description: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 3.9
  • CVSS: 3.6
  • CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-10691 vulnerability.

CVE-2019-14905: A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8,…

Published: 2020-03-31T17:15:00 Last Modified: 2021-11-02T18:09:00

Summary

A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where Ansible’s nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues.

Common Weakness Enumeration (CWE): CWE-668: Exposure of Resource to Wrong Sphere

CWE Description: The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 3.9
  • CVSS: 4.6
  • CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2019-14905 vulnerability.

CVE-2020-10684: A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9…

Published: 2020-03-24T14:15:00 Last Modified: 2021-12-20T22:54:00

Summary

A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker could take advantage of this by altering the ansible_facts, such as ansible_hosts, users and any other key data which would lead into privilege escalation or code injection.

Common Weakness Enumeration (CWE): CWE-862: Missing Authorization

CWE Description: The software does not perform an authorization check when an actor attempts to access a resource or perform an action.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 3.9
  • CVSS: 3.6
  • CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-10684 vulnerability.

CVE-2020-1738: A flaw was found in Ansible Engine when the module package or service is used and the parameter…

Published: 2020-03-16T16:15:00 Last Modified: 2021-08-04T17:14:00

Summary

A flaw was found in Ansible Engine when the module package or service is used and the parameter ‘use’ is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.

Common Weakness Enumeration (CWE): CWE-88: Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’)

CWE Description: The software constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 1.9
  • CVSS: 2.6
  • CVSS Vector: AV:L/AC:H/Au:N/C:N/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: HIGH
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-1738 vulnerability.

CVE-2020-1740: A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a…

Published: 2020-03-16T16:15:00 Last Modified: 2021-08-07T15:15:00

Summary

A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes “ansible-vault edit”, another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.

Common Weakness Enumeration (CWE): CWE-377: Insecure Temporary File

CWE Description: Creating and using insecure temporary files can leave application and system data vulnerable to attack.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 3.4
  • CVSS: 1.9
  • CVSS Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-1740 vulnerability.

CVE-2020-1735: A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept…

Published: 2020-03-16T16:15:00 Last Modified: 2021-08-07T15:15:00

Summary

A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.

Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)

CWE Description: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 3.9
  • CVSS: 3.6
  • CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-1735 vulnerability.

CVE-2020-1736: A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file…

Published: 2020-03-16T16:15:00 Last Modified: 2021-08-04T17:14:00

Summary

A flaw was found in Ansible Engine when a file is moved using the atomic_move primitive, as the file mode cannot be specified. This makes the destination file world-readable if it does not exist; if the file exists, it could be changed to have less restrictive permissions before the move. This could lead to the disclosure of sensitive data. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.

Common Weakness Enumeration (CWE): CWE-732: Incorrect Permission Assignment for Critical Resource

CWE Description: The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 3.9
  • CVSS: 2.1
  • CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-1736 vulnerability.

CVE-2020-1753: A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all…

Published: 2020-03-16T15:15:00 Last Modified: 2021-08-07T15:15:00

Summary

A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. Sensitive parameters such as passwords and tokens are passed to kubectl on the command line, not using an environment variable or an input configuration file. This discloses passwords and tokens in the process list, and the no_log directive from the debug module has no effect, so these secrets are disclosed on stdout and in log files.

Common Weakness Enumeration (CWE): CWE-214: Invocation of Process Using Visible Sensitive Information

CWE Description: A process is invoked with sensitive command-line arguments, environment variables, or other elements that can be seen by other processes on the operating system.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 3.9
  • CVSS: 2.1
  • CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-1753 vulnerability.

CVE-2020-1739: A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a…

Published: 2020-03-12T18:15:00 Last Modified: 2021-08-07T15:15:00

Summary

A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior: when a password is set with the “password” argument of the svn module, it is used on the svn command line, disclosing it to other users within the same node. An attacker could take advantage of this by reading the cmdline file for that particular PID on the procfs.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

  • Impact Score: 4.9
  • Exploitability Score: 3.4
  • CVSS: 3.3
  • CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-1739 vulnerability.

CVE-2020-1733: A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and…

Published: 2020-03-11T19:15:00 Last Modified: 2021-08-07T15:15:00

Summary

A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with “umask 77 && mkdir -p ”; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating ‘/proc//cmdline’.

Common Weakness Enumeration (CWE): CWE-377: Insecure Temporary File

CWE Description: Creating and using insecure temporary files can leave application and system data vulnerable to attack.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 1.9
  • CVSS: 3.7
  • CVSS Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: HIGH
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-1733 vulnerability.

CVE-2020-1737: A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the…

Published: 2020-03-09T16:15:00 Last Modified: 2020-06-13T04:15:00

Summary

A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal. This issue is fixed in 2.10.

Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)

CWE Description: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 3.9
  • CVSS: 4.6
  • CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-1737 vulnerability.

CVE-2020-1734: A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the…

Published: 2020-03-03T22:15:00 Last Modified: 2020-05-29T14:11:00

Summary

A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.

Common Weakness Enumeration (CWE): CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)

CWE Description: The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 1.9
  • CVSS: 3.7
  • CVSS Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: HIGH
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-1734 vulnerability.

CVE-2019-14864: Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before…

Published: 2020-01-02T15:15:00 Last Modified: 2021-08-07T15:15:00

Summary

Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, does not respect the no_log flag when it is set to True and the Sumologic and Splunk callback plugins are used to send task result events to collectors. This would disclose and collect any sensitive data.

Common Weakness Enumeration (CWE): CWE-117: Improper Output Neutralization for Logs

CWE Description: The software does not neutralize or incorrectly neutralizes output that is written to logs.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.0
  • CVSS: 4.0
  • CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: SINGLE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-14864 vulnerability.

CVE-2019-19340: A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where…

Published: 2019-12-19T21:15:00 Last Modified: 2020-12-04T18:15:00

Summary

A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with ‘-e rabbitmq_enable_manager=true’ exposes the RabbitMQ management interface publicly, as expected. If the default admin user is still active, an attacker could guess the password and gain access to the system.

Common Weakness Enumeration (CWE): CWE-1188: Insecure Default Initialization of Resource

CWE Description: The software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 10.0
  • CVSS: 6.4
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-19340 vulnerability.

CVE-2019-19342: A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.4, when…

Published: 2019-12-19T21:15:00 Last Modified: 2020-05-21T15:43:00

Summary

A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.4, when /websocket is requested and the password contains the ‘#’ character. This request would cause a socket error in RabbitMQ when parsing the password, and an HTTP error code 500 and a partial password disclosure in plaintext will occur. An attacker could easily guess some predictable passwords or brute force the password.

Common Weakness Enumeration (CWE): CWE-209: Generation of Error Message Containing Sensitive Information

CWE Description: The software generates an error message that includes sensitive information about its environment, users, or associated data.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-19342 vulnerability.

CVE-2019-19341: A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2, where files in…

Published: 2019-12-19T21:15:00 Last Modified: 2020-12-04T18:15:00

Summary

A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2, where files in ‘/var/backup/tower’ are left world-readable. These files include both the SECRET_KEY and the database backup. Any user with access to the Tower server, and knowledge of when a backup is run, could retrieve every credential stored in Tower. Access to data is the highest threat with this vulnerability.

Common Weakness Enumeration (CWE): CWE-732: Incorrect Permission Assignment for Critical Resource

CWE Description: The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 3.9
  • CVSS: 2.1
  • CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2019-19341 vulnerability.

CVE-2019-14890: A vulnerability was found in Ansible Tower before 3.6.1 where an attacker with low privilege…

Published: 2019-11-26T07:15:00 Last Modified: 2019-12-17T18:07:00

Summary

A vulnerability was found in Ansible Tower before 3.6.1 where an attacker with low privilege could retrieve username and password credentials from the new RHSM saved in plain text into the database at ‘/api/v2/config’ when applying the Ansible Tower license.

Common Weakness Enumeration (CWE): CWE-312: Cleartext Storage of Sensitive Information

CWE Description: The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 3.9
  • CVSS: 2.1
  • CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2019-14890 vulnerability.

CVE-2019-14858: A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a…

Published: 2019-10-14T15:15:00 Last Modified: 2019-10-24T23:15:00

Summary

A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name to the module will cause the task to fail before the no_log options in the sub parameters are processed. As a result, data in the sub parameter fields will not be masked and will be displayed if Ansible is run with increased verbosity and present in the module invocation arguments for the task.

Common Weakness Enumeration (CWE): CWE-532: Insertion of Sensitive Information into Log File

CWE Description: This entry has been deprecated because its abstraction was too low-level. See CWE-532.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 3.9
  • CVSS: 2.1
  • CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2019-14858 vulnerability.

CVE-2019-3869: When running Tower before 3.4.3 on OpenShift or Kubernetes, application credentials are exposed…

Published: 2019-03-28T14:29:00 Last Modified: 2020-05-21T15:41:00

Summary

When running Tower before 3.4.3 on OpenShift or Kubernetes, application credentials are exposed to playbook job runs via environment variables. A malicious user with the ability to write playbooks could use this to gain administrative privileges.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.0
  • CVSS: 4.0
  • CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: SINGLE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-3869 vulnerability.

CVE-2019-3838: It was found that the forceput operator could be extracted from the DefineResource method in…

Published: 2019-03-25T19:29:00 Last Modified: 2020-10-15T14:05:00

Summary

It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constraints imposed by -dSAFER.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-3838 vulnerability.

CVE-2019-3835: It was found that the superexec operator was available in the internal dictionary in ghostscript…

Published: 2019-03-25T19:29:00 Last Modified: 2020-10-15T13:50:00

Summary

It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constraints imposed by -dSAFER.

Common Weakness Enumeration (CWE): CWE-862: Missing Authorization

CWE Description: The software does not perform an authorization check when an actor attempts to access a resource or perform an action.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-3835 vulnerability.

CVE-2018-16879: Ansible Tower before version 3.3.3 does not set a secure channel as it is using the default…

Published: 2019-01-03T14:29:00 Last Modified: 2020-12-04T18:15:00

Summary

Ansible Tower before version 3.3.3 does not set a secure channel, as it uses the default insecure configuration channel settings for messaging celery workers from RabbitMQ. This could lead to a leak of sensitive information such as passwords, as well as denial of service attacks by deleting projects or inventory files.

Common Weakness Enumeration (CWE): CWE-311: Missing Encryption of Sensitive Data

CWE Description: The software does not encrypt sensitive or critical information before storage or transmission.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 10.0
  • CVSS: 7.5
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-16879 vulnerability.

CVE-2018-16837: Ansible “User” module leaks any data which is passed on as a parameter to ssh-keygen. This could…

Published: 2018-10-23T15:29:00 Last Modified: 2019-10-03T00:03:00

Summary

Ansible “User” module leaks any data which is passed on as a parameter to ssh-keygen. This could lead to undesirable situations, such as passphrases or credentials being passed as a parameter to the ssh-keygen executable, showing those credentials in clear text to every user who has access to just the process list.

Common Weakness Enumeration (CWE): CWE-311: Missing Encryption of Sensitive Data

CWE Description: The software does not encrypt sensitive or critical information before storage or transmission.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 3.9
  • CVSS: 2.1
  • CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2018-16837 vulnerability.

CVE-2018-1000805: Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access…

Published: 2018-10-08T15:29:00 Last Modified: 2021-12-28T13:15:00

Summary

Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains an Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appears to be exploitable via network connectivity.

Common Weakness Enumeration (CWE): CWE-732: Incorrect Permission Assignment for Critical Resource

CWE Description: The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 8.0
  • CVSS: 6.5
  • CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: SINGLE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-1000805 vulnerability.

CVE-2018-17456: Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x…

Published: 2018-10-06T14:29:00 Last Modified: 2020-08-24T17:37:00

Summary

Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive “git clone” of a superproject if a .gitmodules file has a URL field beginning with a ‘-’ character.

Common Weakness Enumeration (CWE): CWE-88: Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’)

CWE Description: The software constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 10.0
  • CVSS: 7.5
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Exploits Database (Total Exploits Count: 2)

Code designed for conducting penetration testing on CVE-2018-17456 vulnerability.

CVE-2016-7070: A privilege escalation flaw was found in the Ansible Tower. When Tower before 3.0.3 deploys a…

Published: 2018-09-11T13:29:00 Last Modified: 2019-10-09T23:19:00

Summary

A privilege escalation flaw was found in the Ansible Tower. When Tower before 3.0.3 deploys a PostgreSQL database, it incorrectly configures the trust level of postgres user. An attacker could use this vulnerability to gain admin level access to the database.

Common Weakness Enumeration (CWE): CWE-264: Permissions, Privileges, and Access Controls

CWE Description: Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 5.1
  • CVSS: 5.2
  • CVSS Vector: AV:A/AC:L/Au:S/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: SINGLE
  • Complexity: LOW
  • Vector: ADJACENT_NETWORK

Currently, there is no code for exploiting the CVE-2016-7070 vulnerability.

CVE-2017-7528: Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 is vulnerable to CRLF…

Published: 2018-08-22T16:29:00 Last Modified: 2019-10-09T23:29:00

Summary

Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 is vulnerable to CRLF Injection. It was found that X-Forwarded-For header allows internal servers to deploy other systems (using callback).

Common Weakness Enumeration (CWE): CWE-93: Improper Neutralization of CRLF Sequences (‘CRLF Injection’)

CWE Description: The software uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 6.5
  • CVSS: 3.3
  • CVSS Vector: AV:A/AC:L/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: ADJACENT_NETWORK

Currently, there is no code for exploiting the CVE-2017-7528 vulnerability.

CVE-2018-10884: Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to cross-site request forgery (CSRF)…

Published: 2018-08-22T14:29:00 Last Modified: 2019-10-09T23:33:00

Summary

Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to cross-site request forgery (CSRF) in awx/api/authentication.py. An attacker could exploit this by tricking already authenticated users into visiting a malicious site and hijacking the authtoken cookie.

Common Weakness Enumeration (CWE): CWE-352: Cross-Site Request Forgery (CSRF)

CWE Description: The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 8.6
  • CVSS: 6.8
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-10884 vulnerability.

CVE-2015-9262: _XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause…

Published: 2018-08-01T23:29:00 Last Modified: 2019-04-16T19:08:00

Summary

_XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow.

Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 10.0
  • CVSS: 7.5
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2015-9262 vulnerability.

CVE-2018-14680: An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank…

Published: 2018-07-28T23:29:00 Last Modified: 2021-04-26T11:45:00

Summary

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-14680 vulnerability.

CVE-2018-14681: An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad…

Published: 2018-07-28T23:29:00 Last Modified: 2021-04-26T11:45:00

Summary

An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.

Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write

CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 8.6
  • CVSS: 6.8
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-14681 vulnerability.

CVE-2018-14682: An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one…

Published: 2018-07-28T23:29:00 Last Modified: 2021-04-26T11:45:00

Summary

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.

Common Weakness Enumeration (CWE): CWE-193: Off-by-one Error

CWE Description: A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 8.6
  • CVSS: 6.8
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-14682 vulnerability.

CVE-2018-14679: An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one…

Published: 2018-07-28T23:29:00 Last Modified: 2021-04-26T11:45:00

Summary

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).

Common Weakness Enumeration (CWE): CWE-193: Off-by-one Error

CWE Description: A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-14679 vulnerability.

CVE-2017-12148: A flaw was found in Ansible Tower’s interface before 3.1.5 and 3.2.0 with SCM repositories. If a…

Published: 2018-07-27T16:29:00 Last Modified: 2019-10-09T23:22:00

Summary

A flaw was found in Ansible Tower’s interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project (SCM repository) definition does not have the ‘delete before update’ flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that, when executed by Tower, modifies the checked out SCM repository to add git hooks. These git hooks could, in turn, cause arbitrary command and code execution as the user Tower runs as.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 8.0
  • CVSS: 9.0
  • CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: SINGLE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2017-12148 vulnerability.

CVE-2018-13988: Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory…

Published: 2018-07-25T23:29:00 Last Modified: 2019-04-25T14:16:00

Summary

Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-13988 vulnerability.

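CVE-2018-12910: The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified…

Published: 2018-07-05T18:29:00 Last Modified: 2019-05-08T18:21:00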

Summary

The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 10.0
  • CVSS: 7.5
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-12910 vulnerability.

CVE-2018-1061: Python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic…

Published: 2018-06-19T12:29:00 Last Modified: 2019-10-03T00:03:00

Summary

Python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-1061 vulnerability.

CVE-2018-1060: Python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic…

Published: 2018-06-18T14:29:00 Last Modified: 2020-01-15T20:15:00

Summary

Python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib’s apop() method. An attacker could use this flaw to cause denial of service.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-1060 vulnerability.

CVE-2018-0495: Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA…

Published: 2018-06-13T23:29:00 Last Modified: 2020-08-24T17:37:00

Summary

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.

Common Weakness Enumeration (CWE): CWE-203: Observable Discrepancy

CWE Description: The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 3.4
  • CVSS: 1.9
  • CVSS Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2018-0495 vulnerability.

CVE-2017-18267: The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote…

Published: 2018-05-10T15:29:00 Last Modified: 2020-07-23T12:15:00

Summary

The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.

Common Weakness Enumeration (CWE): CWE-835: Loop with Unreachable Exit Condition (‘Infinite Loop’)

CWE Description: The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2017-18267 vulnerability.

CVE-2018-10768: There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an…

Published: 2018-05-06T23:29:00 Last Modified: 2019-04-25T18:38:00

Summary

There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected.

Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference

CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-10768 vulnerability.

CVE-2018-10767: There is a stack-based buffer over-read in calling GLib in the function…

Published: 2018-05-06T23:29:00 Last Modified: 2019-10-03T00:03:00

Summary

There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from a g_input_stream_read call. A crafted input will lead to a remote denial of service attack.

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-10767 vulnerability.

CVE-2018-10733: There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in…

Published: 2018-05-04T17:29:00 Last Modified: 2019-10-03T00:03:00

Summary

There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. A crafted input will lead to a remote denial of service attack.

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-10733 vulnerability.

CVE-2018-1104: Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to…

Published: 2018-05-02T19:29:00 Last Modified: 2019-10-09T23:38:00

Summary

Ansible Tower through version 3.2.3 has a vulnerability that allows users who only have access to define variables for a job template to execute arbitrary code on the Tower server.

Common Weakness Enumeration (CWE): CWE-94: Improper Control of Generation of Code (‘Code Injection’)

CWE Description: The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 8.0
  • CVSS: 6.5
  • CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: SINGLE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-1104 vulnerability.

CVE-2018-1101: Ansible Tower before version 3.2.4 has a flaw in the management of system and organization…

Published: 2018-05-02T18:29:00 Last Modified: 2019-10-09T23:38:00

Summary

Ansible Tower before version 3.2.4 has a flaw in the management of system and organization administrators that allows for privilege escalation. System administrators that are members of organizations can have their passwords reset by organization administrators, allowing organization administrators access to the entire system.

Common Weakness Enumeration (CWE): CWE-521: Weak Password Requirements

CWE Description: The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 8.0
  • CVSS: 6.5
  • CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: SINGLE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-1101 vulnerability.
