CVE-2020-14329 – Tower: Sensitive Data Exposure on Label
https://notcve.org/view.php?id=CVE-2020-14329
A data exposure flaw was found in Ansible Tower in versions before 3.7.2, where sensitive data can be exposed from the /api/v2/labels/ endpoint. This flaw allows users from other organizations in the system to retrieve any label from the organization and also disclose organization names. The highest threat from this vulnerability is to confidentiality. Se encontró un fallo de exposición de datos en Ansible Tower en versiones anteriores a 3.7.2, donde los datos confidenciales pueden estar expuestos desde el endpoint /api/v2/labels/. Este fallo permite a usuarios de otras organizaciones en el sistema recuperar cualquier etiqueta de la organización y también divulgar los nombres de las organizaciones. • https://bugzilla.redhat.com/show_bug.cgi?id=1856787 https://access.redhat.com/security/cve/CVE-2020-14329 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2020-14327 – Tower: SSRF: Server Side Request Forgery on Credential
https://notcve.org/view.php?id=CVE-2020-14327
A Server-side request forgery (SSRF) flaw was found in Ansible Tower in versions before 3.6.5 and before 3.7.2. Functionality on the Tower server is abused by supplying a URL that could lead to the server processing it. This flaw leads to the connection to internal services or the exposure of additional internal services by abusing the test feature of lookup credentials to forge HTTP/HTTPS requests from the server and retrieving the results of the response. Se encontró un fallo de tipo Server-side request forgery (SSRF) en Ansible Tower en versiones anteriores a 3.6.5 y anteriores a 3.7.2. Es abusada de la funcionalidad en el servidor Tower al proporcionar una URL que podría conllevar al servidor a procesarla. • https://bugzilla.redhat.com/show_bug.cgi?id=1856785 https://access.redhat.com/security/cve/CVE-2020-14327 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2020-10782 – Tower: rsyslog configuration has world readable permissions
https://notcve.org/view.php?id=CVE-2020-10782
An exposure of sensitive information flaw was found in Ansible version 3.7.0. Sensitive information, such tokens and other secrets could be readable and exposed from the rsyslog configuration file, which has set the wrong world-readable permissions. The highest threat from this vulnerability is to confidentiality. This is fixed in Ansible version 3.7.1. Se encontró un fallo de exposición de información sensible en la versión 3.7.0 de Ansible. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10782 https://access.redhat.com/security/cve/CVE-2020-10782 https://bugzilla.redhat.com/show_bug.cgi?id=1847843 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-276: Incorrect Default Permissions CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2020-1736 – ansible: atomic_move primitive sets permissive permissions
https://notcve.org/view.php?id=CVE-2020-1736
A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This could lead to the disclosure of sensitive data. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable. Se detectó un fallo en Ansible Engine, cuando un archivo es movido usando la función atomic_move primitiva ya que el modo de archivo no puede ser especificado. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1736 https://github.com/ansible/ansible/issues/67794 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7 https://security.gentoo.org/glsa/202006-11 https://access.redhat.com/security/cve/CVE-2020-1736 https://bugzilla.redhat.com/show_bug.cgi?id=1802124 • CWE-732: Incorrect Permission Assignment for Critical Resource •