CVSS: 5.0EPSS: 0%CPEs: 14EXPL: 1CVE-2020-1733 – ansible: insecure temporary directory when running become_user from become directive
https://notcve.org/view.php?id=CVE-2020-1733
A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with "umask 77 && mkdir -p <dir>"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating '/proc/<pid>/cmdline'. Se encontró un fallo de condición de carrera en Ansible Engine versiones 2.7.17 y anteriores, 2.8.9 y anteriores, 2.9.6 y anteriores, cuando se ejecuta un playbook con un usuario convertido a no privilegiado. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1733 https://github.com/ansible/ansible/issues/67791 https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJK • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-377: Insecure Temporary File •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4659
https://notcve.org/view.php?id=CVE-2014-4659
Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "deb http://user:pass@server:port/" format. Ansible versiones anteriores a 1.5.5, establece los permisos 0644 para sources.list, lo que podría permitir a usuarios locales obtener información confidencial de credenciales en circunstancias oportunistas mediante la lectura de un archivo que utiliza el formato "deb http://user:pass@server:port/". • https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md https://www.securityfocus.com/bid/68234 • CWE-522: Insufficiently Protected Credentials •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4658
https://notcve.org/view.php?id=CVE-2014-4658
The vault subsystem in Ansible before 1.5.5 does not set the umask before creation or modification of a vault file, which allows local users to obtain sensitive key information by reading a file. El subsistema vault en Ansible versiones anteriores a 1.5.5, no establece el umask antes de la creación o modificación de un archivo vault, lo que permite a usuarios locales obtener información confidencial de claves mediante la lectura de un archivo. • https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md https://www.securityfocus.com/bid/68233 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4660
https://notcve.org/view.php?id=CVE-2014-4660
Ansible before 1.5.5 constructs filenames containing user and password fields on the basis of deb lines in sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by leveraging existence of a file that uses the "deb http://user:pass@server:port/" format. Ansible versiones anteriores a 1.5.5, construye nombres de archivos que contienen campos de usuario y contraseña sobre la base de líneas deb en sources.list, lo que podría permitir a usuarios locales obtener información confidencial de credenciales en circunstancias oportunistas al aprovechar la existencia de un archivo que utiliza el formato "deb http://user:pass@server:port/". • https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md https://github.com/ansible/ansible/commit/c4b5e46054c74176b2446c82d4df1a2610eddc08 https://security-tracker.debian.org/tracker/CVE-2014-4660 https://www.openwall.com/lists/oss-security/2014/06/26/19 https://www.securityfocus.com/bid/68231 • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.3EPSS: 0%CPEs: 5EXPL: 0CVE-2019-14904 – Ansible: vulnerability in solaris_zone module via crafted solaris zone
https://notcve.org/view.php?id=CVE-2019-14904
A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected. Se encontró un fallo en el módulo solaris_zone de los módulos de la Comunidad Ansible. • https://bugzilla.redhat.com/show_bug.cgi?id=1776944 https://github.com/ansible/ansible/pull/65686 https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html https://www.debian.org/security/2021/dsa-4950 https://access.redhat.com/security/cve/CVE-2019-14904 • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •