CVSS: 5.0EPSS: 0%CPEs: 14EXPL: 1CVE-2020-1733 – ansible: insecure temporary directory when running become_user from become directive
https://notcve.org/view.php?id=CVE-2020-1733
11 Mar 2020 — A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with "umask 77 && mkdir -p
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2020-1737 – ansible: Extract-Zip function in win_unzip module does not check extracted path
https://notcve.org/view.php?id=CVE-2020-1737
09 Mar 2020 — A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal. This issue is fixed in 2.10. Se detectó un fallo en Ansible versiones 2.7.17 y anteriores, versiones 2.8.9 y anteriores, y versiones 2.9.6 y anteriores, cuando se... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1737 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.4EPSS: 0%CPEs: 7EXPL: 0CVE-2020-1734
https://notcve.org/view.php?id=CVE-2020-1734
03 Mar 2020 — A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts. Se encontró un fallo en el plugin pipe lookup de ansible. Los comandos arbitrarios se pueden ejecutar, cuando el plugin pipe lookup utiliza la función subprocess.Popen() con shell=True,... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1734 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.2EPSS: 0%CPEs: 3EXPL: 0CVE-2019-19340 – Tower: enabling RabbitMQ manager in the installer exposes the management interface publicly
https://notcve.org/view.php?id=CVE-2019-19340
17 Dec 2019 — A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmq_enable_manager=true' exposes the RabbitMQ management interface publicly, as expected. If the default admin user is still active, an attacker could guess the password and gain access to the system. Se encontró un fallo en Ansible Tower, versiones 3.6.x anteriores a 3.6.2 y versiones 3.5.x anteriores a 3.5.3, donde habilitar el administrador de RabbitMQ configu... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19340 • CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2019-19341 – Tower: intermediate files during Tower backup are world-readable
https://notcve.org/view.php?id=CVE-2019-19341
17 Dec 2019 — A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2, where files in '/var/backup/tower' are left world-readable. These files include both the SECRET_KEY and the database backup. Any user with access to the Tower server, and knowledge of when a backup is run, could retrieve every credential stored in Tower. Access to data is the highest threat with this vulnerability. Se encontró un fallo en Ansible Tower, versiones 3.6.x anteriores a 3.6.2, donde los archivos en "/var/backup/tower" pueden ser wor... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19341 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-19342 – Tower: special characters in RabbitMQ passwords causes web socket 500 error
https://notcve.org/view.php?id=CVE-2019-19342
17 Dec 2019 — A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.4, when /websocket is requested and the password contains the '#' character. This request would cause a socket error in RabbitMQ when parsing the password and an HTTP error code 500 and partial password disclose will occur in plaintext. An attacker could easily guess some predictable passwords or brute force the password. Se encontró un fallo en Ansible Tower, versiones 3.6.x anteriores a 3.6.2 y versiones 3.5.x anteriores a... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19342 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2019-14890 – Tower: RHSM username and password exposed after license application
https://notcve.org/view.php?id=CVE-2019-14890
25 Nov 2019 — A vulnerability was found in Ansible Tower before 3.6.1 where an attacker with low privilege could retrieve usernames and passwords credentials from the new RHSM saved in plain text into the database at '/api/v2/config' when applying the Ansible Tower license. Se encontró una vulnerabilidad en Ansible Tower anterior de la versión 3.6.1, donde un atacante con pocos privilegios podía recuperar nombres de usuario y credenciales de contraseñas del nuevo RHSM guardado en texto plano en la base de datos en '/ api... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14890 • CWE-312: Cleartext Storage of Sensitive Information •