CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10783 – CloudForms: Missing access control leads to escalation of admin group privileges
https://notcve.org/view.php?id=CVE-2020-10783
06 Aug 2020 — Red Hat CloudForms 4.7 and 5 is affected by a role-based privilege escalation flaw. An attacker with EVM-Operator group can perform actions restricted only to EVM-Super-administrator group, leads to, exporting or importing administrator files. Red Hat CloudForms versiones 4.7 y 5, está afectado por un fallo de escalada de privilegios basada en roles. Un atacante con grupo EVM-Operador puede llevar a cabo acciones restringidas solo para el grupo EVM-Super-administrador, conlleva a, exportar o importar archiv... • https://access.redhat.com/security/cve/cve-2020-10783 • CWE-284: Improper Access Control •
CVSS: 3.9EPSS: 0%CPEs: 9EXPL: 0CVE-2020-1738 – Gentoo Linux Security Advisory 202006-11
https://notcve.org/view.php?id=CVE-2020-1738
16 Mar 2020 — A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable. Se detectó un fallo en Ansible Engine, cuando el paquete o servicio del módulo es usado y el parámetro "use" no es especificado. Si una tarea anterior es ejecutada con un usuario ma... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1738 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 4.7EPSS: 0%CPEs: 14EXPL: 0CVE-2020-1740 – ansible: secrets readable after ansible-vault edit
https://notcve.org/view.php?id=CVE-2020-1740
16 Mar 2020 — A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerabl... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1740 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-377: Insecure Temporary File •
CVSS: 4.6EPSS: 0%CPEs: 13EXPL: 1CVE-2020-1735 – ansible: path injection on dest parameter in fetch module
https://notcve.org/view.php?id=CVE-2020-1735
16 Mar 2020 — A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable. Se detectó un fallo en el Ansible Engine cuando es usado el módulo de búsqueda. Un atacante podría interceptar el módulo, inyectar una nueva ruta y luego elegir una nueva ruta destino en el nodo del controlador. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1735 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 3.3EPSS: 0%CPEs: 12EXPL: 1CVE-2020-1736 – ansible: atomic_move primitive sets permissive permissions
https://notcve.org/view.php?id=CVE-2020-1736
16 Mar 2020 — A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This could lead to the disclosure of sensitive data. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable. Se detectó un fallo en Ansible Engine, cuando un archivo es movido u... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1736 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 3.9EPSS: 0%CPEs: 14EXPL: 0CVE-2020-1739 – ansible: svn module leaks password when specified as a parameter
https://notcve.org/view.php?id=CVE-2020-1739
12 Mar 2020 — A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs. Se detectó un fallo en Ansible versiones 2.7.16 y anteriores, versiones 2.8.8 y anteriores y versiones 2.9.5 y anteriores, cuando es establecida una contraseña con el argumento "pas... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1739 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 14EXPL: 1CVE-2020-1733 – ansible: insecure temporary directory when running become_user from become directive
https://notcve.org/view.php?id=CVE-2020-1733
11 Mar 2020 — A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with "umask 77 && mkdir -p
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2019-14894 – CloudForms: RCE vulnerability in NFS schedule backup
https://notcve.org/view.php?id=CVE-2019-14894
25 Feb 2020 — A flaw was found in the CloudForms management engine version 5.10 and CloudForms management version 5.11, which triggered remote code execution through NFS schedule backup. An attacker logged into the management console could use this flaw to execute arbitrary shell commands on the CloudForms server as root. Se encontró un fallo en el motor de administración de CloudForms versión 5.10 y la administración de CloudForms versión 5.11, que desencadenó una ejecución de código remota por medio de la copia de segu... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14894 • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.3EPSS: 0%CPEs: 10EXPL: 0CVE-2019-14905 – Ansible: malicious code could craft filename in nxos_file_copy module
https://notcve.org/view.php?id=CVE-2019-14905
23 Jan 2020 — A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues. Se detectó una vulnerabilidad en Ansible Engine versiones 2.9.x anteriores a 2.9.3, versiones 2.8.x anteriores a ... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html • CWE-20: Improper Input Validation CWE-73: External Control of File Name or Path CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-3536
https://notcve.org/view.php?id=CVE-2014-3536
15 Dec 2019 — CFME (CloudForms Management Engine) 5: RHN account information is logged to top_output.log during registration CFME (CloudForms Management Engine) versión 5: la información de la cuenta RHN es registrada en el archivo top_output.log durante el registro. • https://access.redhat.com/security/cve/cve-2014-3536 • CWE-532: Insertion of Sensitive Information into Log File •