CVE-2020-10697

Severity Score

4.4

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A flaw was found in Ansible Tower when running Openshift. Tower runs a memcached, which is accessed via TCP. An attacker can take advantage of writing a playbook polluting this cache, causing a denial of service attack. This attack would not completely stop the service, but in the worst-case scenario, it can reduce the Tower performance, for which memcached is designed. Theoretically, more sophisticated attacks can be performed by manipulating and crafting the cache, as Tower relies on memcached as a place to pull out setting values. Confidential and sensitive data stored in memcached should not be pulled, as this information is encrypted. This flaw affects Ansible Tower versions before 3.6.4, Ansible Tower versions before 3.5.6 and Ansible Tower versions before 3.4.6.

Se encontró un fallo en Ansible Tower cuando se ejecuta Openshift. Tower ejecuta un memcached, al que es accedido por medio de TCP. Un atacante puede explotar la posibilidad de escribir un libro de jugadas que contamine este caché y causar un ataque de denegación de servicio. Este ataque no detendría por completo el servicio, pero en el peor de los casos, puede reducir el rendimiento de la torre, para lo cual está diseñado Memcached. En teoría, más ataques sofisticados pueden ser llevados a cabo al manipular y diseñar la caché, ya que Tower confía en memcached como un lugar para extraer valores de configuración. Los datos confidenciales y sensibles almacenados en memcached no deben ser extraidos, ya que esta información está cifrada. Este fallo afecta a Ansible Tower versiones anteriores a 3.6.4, Ansible Tower versiones anteriores a 3.5.6 y Ansible Tower a versiones anteriores a 3.4.6

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

Low

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-03-20 CVE Reserved
2021-05-27 CVE Published
2023-03-08 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-862: Missing Authorization

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://bugzilla.redhat.com/show_bug.cgi?id=1818445	2023-11-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Redhat Search vendor "Redhat"		Ansible Tower Search vendor "Redhat" for product "Ansible Tower"				< 3.4.6 Search vendor "Redhat" for product "Ansible Tower" and version " < 3.4.6"		-		Affected
Redhat Search vendor "Redhat"		Ansible Tower Search vendor "Redhat" for product "Ansible Tower"				>= 3.5.0 < 3.5.6 Search vendor "Redhat" for product "Ansible Tower" and version " >= 3.5.0 < 3.5.6"		-		Affected
Redhat Search vendor "Redhat"		Ansible Tower Search vendor "Redhat" for product "Ansible Tower"				>= 3.6.0 < 3.6.4 Search vendor "Redhat" for product "Ansible Tower" and version " >= 3.6.0 < 3.6.4"		-		Affected