CVE-2020-10685
Ansible: modules which use files encrypted with vault are not properly cleaned up
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits: 0
Exploited in Wild: -
Decision: -
Descriptions
A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17, 2.8.x before 2.8.11 and 2.9.x before 2.9.7, as well as Ansible Tower before and including versions 3.4.5, 3.5.5 and 3.6.3, when using modules which decrypt vault files, such as the assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory created in /tmp leaves the secrets unencrypted.
On operating systems where /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot, so the decrypted data remains when the host is switched off. The system is therefore vulnerable even when it is not running. Decrypted data must be cleared as soon as possible: data which is normally encrypted is sensitive and must not be left available in the clear.
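The two halves of the flaw described above, as an added Python example that is not part of this page or of Ansible's own code: a check of whether a scratch location is memory-backed (parsed from /proc/mounts-style text, using a constructed sample) and a context manager that guarantees decrypted scratch content is removed even when the consuming module fails. The mounts sample and the `vault-scratch-` prefix are constructed assumptions.

```python
import os
import shutil
import tempfile
from contextlib import contextmanager

# Constructed /proc/mounts sample: /tmp is memory-backed, /var/tmp is not.
SAMPLE_MOUNTS = """\
/dev/vda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
"""

def mount_fstype(path, mounts_text):
    """Filesystem type of the longest mount point covering *path*, or None."""
    hits = [(f[1], f[2]) for f in (ln.split() for ln in mounts_text.splitlines())
            if len(f) >= 3
            and (path == f[1] or path.startswith(f[1].rstrip("/") + "/"))]
    return max(hits, key=lambda h: len(h[0]))[1] if hits else None

def survives_poweroff(path, mounts_text):
    """True when files under *path* outlive a shutdown (the CVE's scenario)."""
    return mount_fstype(path, mounts_text) not in ("tmpfs", "ramfs")

@contextmanager
def decrypted_scratch(plaintext, base=None):
    """Hold decrypted vault content in a private dir; remove it on exit."""
    tmp = tempfile.mkdtemp(prefix="vault-scratch-", dir=base)  # assumed prefix
    try:
        target = os.path.join(tmp, "decrypted")
        fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "wb") as fh:
            fh.write(plaintext)
        yield target
    finally:
        shutil.rmtree(tmp, ignore_errors=True)  # runs on success and on error

def run_module(plaintext, fail=False):
    """Simulate a module using the plaintext; return (bytes read, dir left behind?)."""
    seen, holder = None, None
    try:
        with decrypted_scratch(plaintext) as target:
            holder = os.path.dirname(target)
            with open(target, "rb") as fh:
                seen = fh.read()
            if fail:
                raise RuntimeError("simulated module failure")
    except RuntimeError:
        pass
    return seen, os.path.exists(holder)
```

On a real host, pass the contents of /proc/mounts to `survives_poweroff` to learn whether leftovers in /tmp would persist across a shutdown.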
CVSS Scores
SSVC
- Decision: -
Timeline
- 2020-03-20 CVE Reserved
- 2020-04-22 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- Exploited in Wild: -
- KEV Due Date: -
- First Exploit: -
CWE
- CWE-459: Incomplete Cleanup
CAPEC
References (6)
URL | Date | SRC
---|---|---
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10685 | 2023-11-07 |
https://github.com/ansible/ansible/pull/68433 | 2023-11-07 |
https://security.gentoo.org/glsa/202006-11 | 2023-11-07 |
https://www.debian.org/security/2021/dsa-4950 | 2023-11-07 |
https://access.redhat.com/security/cve/CVE-2020-10685 | 2020-04-22 |
https://bugzilla.redhat.com/show_bug.cgi?id=1814627 | 2020-04-22 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Redhat | Ansible Engine | >= 2.7.0 < 2.7.17 | - | Affected
Redhat | Ansible Engine | >= 2.8.0 < 2.8.11 | - | Affected
Redhat | Ansible Engine | >= 2.9.0 < 2.9.7 | - | Affected
Redhat | Ansible Tower | <= 3.4.5 | - | Affected
Redhat | Ansible Tower | >= 3.5.0 <= 3.5.5 | - | Affected
Redhat | Ansible Tower | >= 3.6.0 <= 3.6.3 | - | Affected
Redhat | Ceph Storage | 2.0 | - | Affected
Redhat | Ceph Storage | 3.0 | - | Affected
Redhat | Openstack | 10 | - | Affected
Redhat | Openstack | 13 | - | Affected
Redhat | Openstack | 15 | - | Affected
Redhat | Storage | 3.0 | - | Affected
Debian | Debian Linux | 10.0 | - | Affected