CVSS: 5.0EPSS: 0%CPEs: 14EXPL: 1CVE-2020-1733 – ansible: insecure temporary directory when running become_user from become directive
https://notcve.org/view.php?id=CVE-2020-1733
A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with "umask 77 && mkdir -p <dir>"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating '/proc/<pid>/cmdline'. Se encontró un fallo de condición de carrera en Ansible Engine versiones 2.7.17 y anteriores, 2.8.9 y anteriores, 2.9.6 y anteriores, cuando se ejecuta un playbook con un usuario convertido a no privilegiado. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1733 https://github.com/ansible/ansible/issues/67791 https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJK • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-377: Insecure Temporary File •
CVSS: 7.3EPSS: 0%CPEs: 5EXPL: 0CVE-2019-14904 – Ansible: vulnerability in solaris_zone module via crafted solaris zone
https://notcve.org/view.php?id=CVE-2019-14904
A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected. Se encontró un fallo en el módulo solaris_zone de los módulos de la Comunidad Ansible. • https://bugzilla.redhat.com/show_bug.cgi?id=1776944 https://github.com/ansible/ansible/pull/65686 https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html https://www.debian.org/security/2021/dsa-4950 https://access.redhat.com/security/cve/CVE-2019-14904 • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 1CVE-2019-14864 – Ansible: Splunk and Sumologic callback plugins leak sensitive data in logs
https://notcve.org/view.php?id=CVE-2019-14864
Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data. Ansible, versiones 2.9.x anteriores a la versión 2.9.1, versiones 2.8.x anteriores a la versión 2.8.7 y Ansible versiones 2.7.x anteriores a la versión 2.7.15, no respeta el flag no_log, configurado en True cuando los plugins de devolución de llamada Sumologic y Splunk son usados para enviar eventos de resultados de tareas para coleccionistas. Esto revelaría y recolectaría cualquier información confidencial. A data disclosure flaw was found in Ansible when using the Splunk and Sumologic modules, as they are not respecting when the flag no_log is enabled. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14864 https://github.com/ansible/ansible/issues/63522 https://github.com/ansible/ansible/pull/63527 https://www.debian.org/security/2021/dsa-4950 https://access.redhat.com/security/cve/CVE-2019-14864 https://bugzilla.redhat.com/show_bug.cgi?id=1764148 • CWE-117: Improper Output Neutralization for Logs CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-14856 – ansible: Incomplete fix for CVE-2019-10206
https://notcve.org/view.php?id=CVE-2019-14856
ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None ansible versiones anteriores a 2.8.6, 2.7.14, 2.6.20 es vulnerable a un None The fix for CVE-2019-10206 was found to be incomplete for the data disclosure flaw in ansible. Password prompts in ansible-playbook and ansible-cli tools could expose passwords with special characters as they are not properly wrapped. A password with special characters is exposed starting with the first of these special characters. The highest threat from this vulnerability is to data confidentiality. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html https://access.redhat.com/errata/RHSA-2020:0756 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14856 https://access.redhat.com/security/cve/CVE-2019-14856 https://bugzilla.redhat.com/show_bug.cgi?id=1760829 • CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-10217 – Ansible: gcp modules do not flag sensitive data fields properly
https://notcve.org/view.php?id=CVE-2019-10217
A flaw was found in ansible 2.8.0 before 2.8.4. Fields managing sensitive data should be set as such by no_log feature. Some of these fields in GCP modules are not set properly. service_account_contents() which is common class for all gcp modules is not setting no_log to True. Any sensitive data managed by that function would be leak as an output when running ansible playbooks. Se encontró un fallo en ansible versiones 2.8.0 anteriores a 2.8.4. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10217 https://github.com/ansible/ansible/issues/56269 https://github.com/ansible/ansible/pull/59427 https://access.redhat.com/security/cve/CVE-2019-10217 https://bugzilla.redhat.com/show_bug.cgi?id=1733509 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •