CVSS: 3.3EPSS: 0%CPEs: 12EXPL: 1CVE-2020-1736 – ansible: atomic_move primitive sets permissive permissions
https://notcve.org/view.php?id=CVE-2020-1736
A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This could lead to the disclosure of sensitive data. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable. Se detectó un fallo en Ansible Engine, cuando un archivo es movido usando la función atomic_move primitiva ya que el modo de archivo no puede ser especificado. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1736 https://github.com/ansible/ansible/issues/67794 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7 https://security.gentoo.org/glsa/202006-11 https://access.redhat.com/security/cve/CVE-2020-1736 https://bugzilla.redhat.com/show_bug.cgi?id=1802124 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 1CVE-2020-1753 – Ansible: kubectl connection plugin leaks sensitive information
https://notcve.org/view.php?id=CVE-2020-1753
A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. Sensitive parameters such as passwords and tokens are passed to kubectl from the command line, not using an environment variable or an input configuration file. This will disclose passwords and tokens from process list and no_log directive from debug module would not have any effect making these secrets being disclosed on stdout and log files. Se detectó un fallo de seguridad en Ansible Engine, todas las versiones de Ansible 2.7.x anteriores a 2.7.17, todas las versiones de Ansible 2.8.x anteriores a 2.8.11 y todas las versiones de Ansible 2.9.x anteriores a 2.9.7, cuando se administra kubernetes usando el módulo k8s. Los parámetros confidenciales, tales como contraseñas y tokens, son pasados a kubectl desde la línea de comandos, sin utilizar una variable de entorno o un archivo de configuración de entrada. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1753 https://github.com/ansible-collections/kubernetes/pull/51 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB https://security.gentoo.org/glsa/202006-11 https: • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-214: Invocation of Process Using Visible Sensitive Information CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 3.9EPSS: 0%CPEs: 14EXPL: 0CVE-2020-1739 – ansible: svn module leaks password when specified as a parameter
https://notcve.org/view.php?id=CVE-2020-1739
A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs. Se detectó un fallo en Ansible versiones 2.7.16 y anteriores, versiones 2.8.8 y anteriores y versiones 2.9.5 y anteriores, cuando es establecida una contraseña con el argumento "password" del módulo svn, es usado en la línea de comandos svn, revelando a otros usuarios dentro del mismo nodo. Un atacante podría tomar ventaja de ello mediante una lectura del archivo cmdline de ese PID en particular en los procfs. A flaw was found in Ansible Engine. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1739 https://github.com/ansible/ansible/issues/67797 https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPL • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 14EXPL: 1CVE-2020-1733 – ansible: insecure temporary directory when running become_user from become directive
https://notcve.org/view.php?id=CVE-2020-1733
A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with "umask 77 && mkdir -p <dir>"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating '/proc/<pid>/cmdline'. Se encontró un fallo de condición de carrera en Ansible Engine versiones 2.7.17 y anteriores, 2.8.9 y anteriores, 2.9.6 y anteriores, cuando se ejecuta un playbook con un usuario convertido a no privilegiado. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1733 https://github.com/ansible/ansible/issues/67791 https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJK • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-377: Insecure Temporary File •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2020-1737 – ansible: Extract-Zip function in win_unzip module does not check extracted path
https://notcve.org/view.php?id=CVE-2020-1737
A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal. This issue is fixed in 2.10. Se detectó un fallo en Ansible versiones 2.7.17 y anteriores, versiones 2.8.9 y anteriores, y versiones 2.9.6 y anteriores, cuando se usa la función Extract-Zip desde el módulo win_unzip ya que los archivos extraídos no son comprobados si pertenecen a la carpeta de destino. Un atacante podría tomar ventaja de este fallo al crear un archivo en cualquier parte del sistema de archivos, utilizando un salto de ruta. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1737 https://github.com/ansible/ansible/issues/67795 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2 https://security.gentoo.org/glsa/202006-11 https://a • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •