Ansible Engine/Ansible Tower Decryption /tmp temp file

entryeditHistoryDiffjsonxmlCTI

A vulnerability was found in Ansible Engine and Ansible Tower. It has been declared as problematic. Affected by this vulnerability is an unknown function of the file /tmp of the component Decryption Handler. Upgrading eliminates this vulnerability.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

User

Field

Commit Conf

Approve Conf

IDCommitedUserFieldChangeRemarksModeratedReasonC
1052444010/16/2020VulD...cve_cnaRed Hat, Inc.nvd.nist.gov10/16/2020accepted70
1052443910/16/2020VulD...confirm_urlhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10685cve.mitre.org10/16/2020accepted70
1007257305/12/2020VulD...cve_nvd_summaryA flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the s ts unencrypted. On Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decryp emains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted ble.mitre.org05/12/2020accepted100
1007257205/12/2020VulD...cve_assigned1584662400mitre.org05/12/2020accepted100
1007256405/12/2020VulD...cvss3_nvd_aNnist.gov05/12/2020accepted100
1007256305/12/2020VulD...cvss3_nvd_iNnist.gov05/12/2020accepted100
1007256205/12/2020VulD...cvss3_nvd_cHnist.gov05/12/2020accepted100
1007256105/12/2020VulD...cvss3_nvd_sUnist.gov05/12/2020accepted100
1007256005/12/2020VulD...cvss3_nvd_uiRnist.gov05/12/2020accepted100
1007255905/12/2020VulD...cvss3_nvd_prLnist.gov05/12/2020accepted100
1007255805/12/2020VulD...cvss3_nvd_acLnist.gov05/12/2020accepted100
1007255705/12/2020VulD...cvss3_nvd_avLnist.gov05/12/2020accepted100
1007253505/12/2020VulD...cwe377 (privilege escalation)05/12/2020accepted100
1007258005/12/2020VulD...cvss3_nvd_basescore5.0nist.gov05/12/2020accepted90
1007257905/12/2020VulD...cvss3_vuldb_rcX05/12/2020accepted90
1007257805/12/2020VulD...cvss3_vuldb_rlO05/12/2020accepted90
1007257705/12/2020VulD...cvss3_vuldb_eX05/12/2020accepted90
1007257605/12/2020VulD...cvss2_vuldb_rcND05/12/2020accepted90
1007257505/12/2020VulD...cvss2_vuldb_rlOF05/12/2020accepted90
1007257405/12/2020VulD...cvss2_vuldb_eND05/12/2020accepted90

Do you want to use VulDB in your project?

Use the official API to access entries easily!