Ansible Engine/Ansible Tower Decryption /tmp elévation de privilèges

entréeeditHistoryDiffjsonxmlCTI

Une vulnérabilité qui a été classée problématique a été trouvée dans Ansible Engine et Ansible Tower. Ceci affecte une fonction inconnue du fichier /tmp du composant Decryption Handler. Mettre à jour élimine cette vulnérabilité.

Chronologie

Utilisateur

Domaine

Commit Conf

Approve Conf

IDEngagéUtilisateurDomaineChangementRemarquesModéréRaisonC
1052444016/10/2020VulD...cve_cnaRed Hat, Inc.nvd.nist.gov16/10/2020accepté70
1052443916/10/2020VulD...confirm_urlhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10685cve.mitre.org16/10/2020accepté70
1007257312/05/2020VulD...cve_nvd_summaryA flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the s ts unencrypted. On Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decryp emains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted ble.mitre.org12/05/2020accepté100
1007257212/05/2020VulD...cve_assigned1584662400mitre.org12/05/2020accepté100
1007256412/05/2020VulD...cvss3_nvd_aNnist.gov12/05/2020accepté100
1007256312/05/2020VulD...cvss3_nvd_iNnist.gov12/05/2020accepté100
1007256212/05/2020VulD...cvss3_nvd_cHnist.gov12/05/2020accepté100
1007256112/05/2020VulD...cvss3_nvd_sUnist.gov12/05/2020accepté100
1007256012/05/2020VulD...cvss3_nvd_uiRnist.gov12/05/2020accepté100
1007255912/05/2020VulD...cvss3_nvd_prLnist.gov12/05/2020accepté100
1007255812/05/2020VulD...cvss3_nvd_acLnist.gov12/05/2020accepté100
1007255712/05/2020VulD...cvss3_nvd_avLnist.gov12/05/2020accepté100
1007253512/05/2020VulD...cwe377 (elévation de privilèges)12/05/2020accepté100
1007258012/05/2020VulD...cvss3_nvd_basescore5.0nist.gov12/05/2020accepté90
1007257912/05/2020VulD...cvss3_vuldb_rcX12/05/2020accepté90
1007257812/05/2020VulD...cvss3_vuldb_rlO12/05/2020accepté90
1007257712/05/2020VulD...cvss3_vuldb_eX12/05/2020accepté90
1007257612/05/2020VulD...cvss2_vuldb_rcND12/05/2020accepté90
1007257512/05/2020VulD...cvss2_vuldb_rlOF12/05/2020accepté90
1007257412/05/2020VulD...cvss2_vuldb_eND12/05/2020accepté90

Might our Artificial Intelligence support you?

Check our Alexa App!