CVE-2020-10684

Aliases:GHSA-p62g-jhg6-v3rqPYSEC-2020-207
Advisory lineage Upstream: 0 Downstream: 15
Modified
Published: 24 Mar 2020, 00:00
Last modified:04 Aug 2024, 11:06

Vulnerability Summary

Overall Risk (default)
medium
32/100
CVSS Score
7.9 HIGH
v3.1 (cve.org)
EPSS Score
0.03% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

24 Mar 2020, 00:00
Published
Vulnerability first disclosed
04 Aug 2024, 11:06
Last Modified
Vulnerability information updated

Description

A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker could take advantage of this by altering the ansible_facts, such as ansible_hosts, users and any other key data which would lead into privilege escalation or code injection.

CVSS Metrics

  • v4.0MEDIUMScore: 6.9CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
  • v3.1HIGHScore: 7.9CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H
  • v3.1HIGHScore: 7.1CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
  • v2.0LOWScore: 3.6AV:L/AC:L/Au:N/C:N/I:P/A:P

EPSS Trends

Current EPSS score: 0.03% Percentile: 9%

Techniques & Countermeasures

  • CWE-94Improper Control of Generation of Code ('Code Injection')

    The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

  • CWE-862Missing Authorization

    The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

  • CWE-362Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

    The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Affected Systems

  • debiandebian_linux

    10.0

  • fedoraprojectfedora

    30 | 31 | 32

  • PyPIansible

    ≥ 2.7.0a1, < 2.7.17 | ≥ 2.8.0a1, < 2.8.11 | ≥ 2.9.0a1, < 2.9.7 | ≥ 2.9.0, < 2.9.6

  • red hatansible

    all Ansible 2.7.x versions prior to 2.7.17 | all Ansible 2.8.x versions prior to 2.8.9 | all Ansible 2.9.x versions prior to 2.9.6

  • redhatansible

    ≥ 2.7.0, < 2.7.17 | ≥ 2.8.0, < 2.8.9 | ≥ 2.9.0, < 2.9.6

  • redhatansible_tower

    ≤ 3.3.5 | ≥ 3.5.0, ≤ 3.5.5 | ≥ 3.6.0, ≤ 3.6.3

  • redhatopenstack

    10 | 13

References (20)