A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. At the end of the deployment procedure, these files are deleted. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack. The highest threat from this vulnerability is to confidentiality. An attacker could take advantage to overwrite any file within the system. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal. Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to cross-site request forgery (CSRF) in awx/api/authentication.py. A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. SUSE OpenStack Cloud Crowbar 8 crowbar-core versions prior to 5.0+git.1582968668.1a55c77c5-3.35.4, crowbar-. This issue affects: SUSE OpenStack Cloud 7 crowbar-core versions prior to 4.0+git.1578392992.fabfd186c-9.63.1, crowbar-. However, this ansible playbook is only an example in the upstream repository and it is not shipped in officially supported versions of convert2rhel. The highest threat from this vulnerability is to data confidentiality. This issue directly affects data confidentiality. Functionality on the Tower server is abused by supplying a URL that could lead to the server processing it.
However, critical data should not be disclosed, as it should be protected by the no_log flag when debugging is enabled. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2. A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. ** DISPUTED ** core.py in Mitogen before 0.2.8 has a typo that drops the unidirectional-routing protection mechanism in the case of a child that is initiated by another child. Versions before ansible 2.9.18 are affected. A local user with administrator privileges on the machine can view these logs and discover the plaintext password. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. The highest threat from this vulnerability is to confidentiality. This flaw allows users from other organizations in the system to retrieve any label from the organization and also disclose organization names. A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.4, when /websocket is requested and the password contains the '#' character. a bug in Kubernetes) or misconfiguration that allows an attacker to run code inside the Weave Net pod. No such bug is known at the time of release, and there are no known instances of this being exploited. This flaw allows an attacker to steal bitbucket_pipeline credentials. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. Restund is an open source NAT traversal server.
Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a trailing " temp=" clause, or (3) a trailing " validate=" clause accompanied by a shell command. Some of these fields in GCP modules are not set properly. In an environment where logs are shared with other parties, this could lead to privilege escalation. The Ansible extension is unaffected. This flaw leads to the connection to internal services or the exposure of additional internal services by abusing the test feature of lookup credentials to forge HTTP/HTTPS requests from the server and retrieving the results of the response. An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-release-operator-sdk. A flaw was found in Ansible Galaxy Collections. Red Hat CloudForms 4.7 and 5 were vulnerable to a Server-Side Request Forgery (SSRF) flaw. A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. openshift-ansible before versions 3.9.23, 3.7.46 deploys a misconfigured etcd file that causes the SSL client certificate authentication to be disabled. Note: this vulnerability was fixed on 2015-03-06, but the version number was not changed. Restund will still perform STUN and this might already be enough for initiating calls in your environments. An attacker can take advantage of this information to steal those credentials. This flaw does not affect Ansible modules, as those are executed in a separate process.
A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path. The original token granted to the user still has access to Ansible Tower, which allows any user that can gain access to the token to be fully authenticated to Ansible Tower. In ansible it was found that inventory variables are loaded from the current working directory when running an ad-hoc command, which is under the attacker's control, allowing arbitrary code to run as a result. This could lead to the disclosure of sensitive data. An attacker can make a forged HTTP request to the server by crafting a custom flash file which can force the user to perform state-changing requests like provisioning VMs, running ansible playbooks and so forth. This sets the destination files world-readable if the destination file does not exist, and if the file exists, the file could be changed to have less restrictive permissions before the move. A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of the svn module: it is used on the svn command line, disclosing it to other users within the same node. A flaw was found in Ansible Engine when a file is moved using the atomic_move primitive, as the file mode cannot be specified.
A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. runner/connection_plugins/ssh.py in Ansible before 1.2.3, when using ControlPersist, allows local users to redirect a ssh session via a symlink attack on a socket file with a predictable name in /tmp/. An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. An attacker could take advantage of this by altering the ansible_facts, such as ansible_hosts, users and any other key data which would lead to privilege escalation or code injection. Ansible before 1.2.1 makes it easier for remote attackers to conduct man-in-the-middle attacks by leveraging failure to cache SSH host keys. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible. This flaw affects Ansible Tower versions before 3.6.4, Ansible Tower versions before 3.5.6 and Ansible Tower versions before 3.4.6. This could lead to a data leak of sensitive information such as passwords as well as denial of service attacks by deleting projects or inventory files. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges. A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph/iscsi-gateway.conf with insecure default permissions. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable. Malicious code could craft the filename parameter to perform OS command injections.
This flaw allows an attacker to access the stdout of the executed jobs which are run from other organizations. ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to an information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensitive data. Ansible Engine 2.8 and older are believed to be vulnerable. If the default admin user is still active, an attacker could guess the password and gain access to the system. Ansible Tower before version 3.3.3 does not set a secure channel as it is using the default insecure configuration channel settings for messaging celery workers from RabbitMQ. The highest threat from this vulnerability is to confidentiality. This setting was not necessary, and is being removed. In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level, which led to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory. An attacker could easily guess some predictable passwords or brute force the password. An attacker could use this flaw to read and modify all the data about the Openshift cluster in the etcd datastore, potentially adding another compute node, or bringing down the entire cluster. Access to data is the highest threat with this vulnerability. This flaw affects Ansible Engine versions before 2.9.6. This would disclose and collect any sensitive data. An exposure of sensitive information flaw was found in Ansible version 3.7.0. The temporary directory created in /tmp leaves the secrets unencrypted.
A Least Privilege Violation vulnerability in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to become root on any other node. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. Ansible) and remove those mounts from the DaemonSet manifest. A flaw was found in the use of insufficiently random values in Ansible. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated. This directly impacts confidentiality. A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Quotations around the values of ETCD_CLIENT_CERT_AUTH and ETCD_PEER_CLIENT_CERT_AUTH in etcd.conf result in etcd being configured to allow remote users to connect without any authentication if they can access the etcd server bound to the network on the master nodes. The main threat from this vulnerability is data confidentiality. Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. This flaw allows unauthorized users to read this data. A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. A flaw was found in Red Hat Satellite's Job Invocation, where the "User Input" entry was not properly restricted to the view. Ansible prior to 1.5.4 mishandles the evaluation of some strings. Ansible Tower (aka Ansible UI) before 2.0.5 allows remote attackers to bypass authentication and obtain sensitive information via a websocket connection to socket.io/1/.
Thus the previous password would still be active when it should have been changed. SUSE OpenStack Cloud 9 ardana-ansible versions prior to 9.0+git.1581611758.f694f7d-3.16.1, ardana-. This directory is created with "umask 77 && mkdir -p"; this operation does not fail if the directory already exists and is owned by another user. Any user with access to the Tower server, and knowledge of when a backup is run, could retrieve every credential stored in Tower. These git hooks could, in turn, cause arbitrary command and code execution as the user Tower runs as. You are only vulnerable if you have an additional vulnerability (e.g. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. A data exposure flaw was found in Ansible Tower in versions before 3.7.2, where sensitive data can be exposed from the /api/v2/labels/ endpoint. The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary commands. The highest threat from this vulnerability would be that all passwords are exposed at once for the file. An authenticated attacker with certain permissions to create and run Ansible jobs can access hosts through job templates. On operating systems where /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decrypted data remains when the host is switched off. Passwords should be wrapped to prevent templates from triggering and exposing them. This contains sensitive info, such as the user's Ansible Galaxy API key and any secrets in ``ansible`` or ``ansible-playbook`` verbose output without the ``no_log`` redaction.
A cross-site request forgery vulnerability in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. When this occurs, there is a race condition on the managed machine. Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. Weave Net is supplied with a manifest that runs pods on every node in a Kubernetes cluster, which are responsible for managing network connections for all other pods in the cluster. It was found that the X-Forwarded-For header allows internal servers to deploy other systems (using callback). ovirt-ansible-roles before version 1.0.6 has a vulnerability due to a missing no_log directive, resulting in the 'Add oVirt Provider to ManageIQ/CloudForms' playbook inadvertently disclosing admin passwords in the provisioning log. When collections are built manually, any files in the repository directory that are not explicitly excluded via the ``build_ignore`` list in "galaxy.yml" are included in the ``.tar.gz`` file. In convert2rhel, there's an ansible playbook named ansible/run-convert2rhel.yml which passes the Red Hat Subscription Manager user password via the CLI to convert2rhel. Confluent Ansible (cp-ansible) versions 5.5.0, 5.5.1, 5.5.2 and 6.0.0 are vulnerable to Incorrect Access Control via an auxiliary component that allows remote attackers to access sensitive information. Tower runs a memcached, which is accessed via TCP. This flaw allows a malicious Satellite user to scan through the Job Invocation, with the ability to search for passwords and other sensitive data. The Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen.
lib/ansible/playbook/__init__.py in Ansible 1.2.x before 1.2.3, when a playbook does not run due to an error, allows local users to overwrite arbitrary files via a symlink attack on a retry file with a predictable name in /var/tmp/ansible/. This could allow unauthorized local users to view the password via the process list while convert2rhel is running. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable. A flaw was found in Ansible where the secret information present in async_files is disclosed when the user changes the jobdir to a world readable directory. Ansible Tower (aka Ansible UI) before 2.0.5 allows remote organization administrators to gain privileges by creating a superuser account. ansible.cfg is read from the current working directory, which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code. A flaw was found in Ansible Tower in versions before 3.7.2. This request would cause a socket error in RabbitMQ when parsing the password and an HTTP error code 500, and partial password disclosure will occur in plaintext. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. For example, other services in the same VPC where the TURN server is running. By taking advantage of unintended variable substitution the content of any variable may be disclosed. NOTE: the vendor disputes this issue because it is exploitable only in conjunction with hypothetical other factors, i.e., an affected use case within a library caller, and a bug in the message receiver policy code that led to reliance on this extra protection mechanism. A flaw was found in the Ansible Engine when the fetch module is used.
Ansible before 1.5.5 constructs filenames containing user and password fields on the basis of deb lines in sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by leveraging existence of a file that uses the "deb http://user:pass@server:port/" format. This flaw leads to malicious packages being installed on the system and arbitrary code executed via package installation scripts. A flaw was found in Ansible Tower when running Openshift. The highest threat from this vulnerability is to confidentiality and integrity. ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt for passwords by expanding them from templates, as they could contain special characters. This issue mainly affects service availability. A vulnerability was found in Ansible Tower before 3.6.1 where an attacker with low privilege could retrieve username and password credentials from the new RHSM saved in plain text into the database at '/api/v2/config' when applying the Ansible Tower license. A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmq_enable_manager=true' exposes the RabbitMQ management interface publicly, as expected. If a Tower project (SCM repository) definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that, when executed by Tower, modifies the checked out SCM repository to add git hooks. Any secret information in an async status file will be readable by a malicious user on that system. Any sensitive data managed by that function would be leaked as output when running ansible playbooks. This flaw affects Ansible Tower versions before 3.6.4 and Ansible Tower versions before 3.5.6.
Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "deb http://user:pass@server:port/" format. Sensitive parameters such as passwords and tokens are passed to kubectl from the command line, not using an environment variable or an input configuration file. The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory. This requires a lot of power over the host, and the manifest sets `privileged: true`, which gives it that power. The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable. A flaw was found in Ansible Base when using the aws_ssm connection plugin, as garbage collection does not happen after the playbook run is completed. Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. Files would remain in the bucket, exposing the data. The highest threat from this vulnerability is to data confidentiality. SUSE OpenStack Cloud 8 ardana-cinder versions prior to 8.0+git.1579279939.ee7da88-3.39.3, ardana-. Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.
If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. A flaw was found in tripleo-ansible version as shipped in Red Hat Openstack 16.1. An attacker, able to man-in-the-middle the connection between the user's browser and the openshift console, could use this flaw to perform a phishing attack. Sensitive information, such as tokens and other secrets, could be readable and exposed from the rsyslog configuration file, which has the wrong world-readable permissions set. Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, does not respect the no_log flag when set to True when the Sumologic and Splunk callback plugins are used to send task result events to collectors. This attack would not completely stop the service, but in the worst-case scenario, it can reduce the Tower performance, for which memcached is designed. A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module, as the extracted file(s) are not checked to confirm they belong to the destination folder. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. This flaw affects Red Hat Ansible Automation Platform in versions before 1.2.2 and Ansible Tower in versions before 3.8.2.