CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2020-1737 – ansible: Extract-Zip function in win_unzip module does not check extracted path
https://notcve.org/view.php?id=CVE-2020-1737
09 Mar 2020 — A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal. This issue is fixed in 2.10. Se detectó un fallo en Ansible versiones 2.7.17 y anteriores, versiones 2.8.9 y anteriores, y versiones 2.9.6 y anteriores, cuando se... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1737 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.4EPSS: 0%CPEs: 7EXPL: 0CVE-2020-1734
https://notcve.org/view.php?id=CVE-2020-1734
03 Mar 2020 — A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts. Se encontró un fallo en el plugin pipe lookup de ansible. Los comandos arbitrarios se pueden ejecutar, cuando el plugin pipe lookup utiliza la función subprocess.Popen() con shell=True,... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1734 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.3EPSS: 0%CPEs: 10EXPL: 0CVE-2019-14905 – Ansible: malicious code could craft filename in nxos_file_copy module
https://notcve.org/view.php?id=CVE-2019-14905
23 Jan 2020 — A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues. Se detectó una vulnerabilidad en Ansible Engine versiones 2.9.x anteriores a 2.9.3, versiones 2.8.x anteriores a ... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html • CWE-20: Improper Input Validation CWE-73: External Control of File Name or Path CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-14858 – ansible: sub parameters marked as no_log are not masked in certain failure scenarios
https://notcve.org/view.php?id=CVE-2019-14858
14 Oct 2019 — A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name to the module will cause the task to fail before the no_log options in the sub parameters are processed. As a result, data in the sub parameter fields will not be masked and will be displayed if Ansible is run with increased verbosity and present in the module invocation arguments for the task. Se detectó una vul... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html • CWE-117: Improper Output Neutralization for Logs CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2019-3869 – Tower: credentials leaked through environment variables
https://notcve.org/view.php?id=CVE-2019-3869
28 Mar 2019 — When running Tower before 3.4.3 on OpenShift or Kubernetes, application credentials are exposed to playbook job runs via environment variables. A malicious user with the ability to write playbooks could use this to gain administrative privileges. Al ejecutar Tower, en versiones anteriores a la 3.4.3 en OpenShift o Kubernetes, las credenciales de aplicación se exponen a ejecuciones "playbook job" mediante variables de entorno. Un usuario malicioso capacitado para escribir playbooks podría utilizar esto para ... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3869 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-214: Invocation of Process Using Visible Sensitive Information •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16879
https://notcve.org/view.php?id=CVE-2018-16879
03 Jan 2019 — Ansible Tower before version 3.3.3 does not set a secure channel as it is using the default insecure configuration channel settings for messaging celery workers from RabbitMQ. This could lead in data leak of sensitive information such as passwords as well as denial of service attacks by deleting projects or inventory files. Ansible Tower en versiones anteriores a la 3.3.3 no establece un canal seguro, ya que utiliza los ajustes del canal de configuración inseguros por defecto para comunicarse con los trabaj... • http://www.securityfocus.com/bid/106310 • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2016-7070
https://notcve.org/view.php?id=CVE-2016-7070
11 Sep 2018 — A privilege escalation flaw was found in the Ansible Tower. When Tower before 3.0.3 deploys a PostgreSQL database, it incorrectly configures the trust level of postgres user. An attacker could use this vulnerability to gain admin level access to the database. Se ha encontrado un error de escalado de privilegios en Ansible Tower. Cuando Tower en versiones anteriores a la 3.0.3 despliega una base de datos PostgreSQL, configura incorrectamente el nivel de confianza del usuario postgres. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7070 • CWE-264: Permissions, Privileges, and Access Controls CWE-266: Incorrect Privilege Assignment •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-1104 – ansible-tower: Remote code execution by users with access to define variables in job templates
https://notcve.org/view.php?id=CVE-2018-1104
02 May 2018 — Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to define variables for a job template to execute arbitrary code on the Tower server. Ansible Tower hasta la versión 3.2.3 tiene una vulnerabilidad que permite que usuarios que solo tienen acceso para definir variables para una plantilla de trabajo ejecuten código arbitrario en el servidor Tower. Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of mana... • https://access.redhat.com/errata/RHSA-2018:1328 • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.0EPSS: 0%CPEs: 3EXPL: 0CVE-2018-1101 – ansible-tower: Privilege escalation flaw allows for organization admins to obtain system privileges
https://notcve.org/view.php?id=CVE-2018-1101
02 May 2018 — Ansible Tower before version 3.2.4 has a flaw in the management of system and organization administrators that allows for privilege escalation. System administrators that are members of organizations can have their passwords reset by organization administrators, allowing organization administrators access to the entire system. Ansible Tower en versiones anteriores a la 3.2.4 tiene un error en la gestión de administradores de sistema y organización que permite el escalado de privilegios. Los administradores ... • https://access.redhat.com/errata/RHSA-2018:1328 • CWE-266: Incorrect Privilege Assignment CWE-521: Weak Password Requirements •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2017-12148 – Tower: modification of git hooks in SCM repo via upstream playbook execution
https://notcve.org/view.php?id=CVE-2017-12148
24 Oct 2017 — A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project (SCM repository) definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that, when executed by Tower, modifies the checked out SCM repository to add git hooks. These git hooks could, in turn, cause arbitrary command and code execution as the user Tower runs as. Se ha encontrado un fallo e... • https://access.redhat.com/errata/RHSA-2017:3005 • CWE-20: Improper Input Validation •