CVE-2020-10685 — Incomplete Cleanup in Redhat Ansible Engine

CWE-459 — Incomplete Cleanup CWE-377 — Insecure Temporary File CWE-668 — Resource Exposure11 documents7 sources

Severity

5.5MEDIUMNVD

CNA5.0

EPSS

0.2%

top 59.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Ansible Redhat Ansible Engine Redhat Ansible Tower +5 more

Timeline

PublishedMay 11

Latest updateApr 7

Description

A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the s ts unencrypted. On Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory i…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages8 packages

▶NVDredhat/ansible_engine2.7.0 — 2.7.17+2

▶NVDredhat/ansible_tower3.5.0 — 3.5.5+2

▶PyPIredhat/ansible2.7.0a1 — 2.7.17+2

▶Debianredhat/ansible< 2.9.7+dfsg-1+3

▶CVEListV5red_hat/ansible6 versions+5

Also affects: Debian Linux 10.0

Patches

Patch: bugzilla.redhat.com ↗Patch: github.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

Exposure of Resource to Wrong Sphere and Insecure Temporary File in Ansible↗2021-04-07

▶

OSV

Exposure of Resource to Wrong Sphere and Insecure Temporary File in Ansible↗2021-04-07

▶

CVEList

CVE-2020-10685: A flaw was found in Ansible Engine affecting Ansible Engine versions 2↗2020-05-11

▶

OSV

CVE-2020-10685: A flaw was found in Ansible Engine affecting Ansible Engine versions 2↗2020-05-11

▶

📋Vendor Advisories

Red Hat

Ansible: modules which use files encrypted with vault are not properly cleaned up↗2020-03-18

▶

Debian

CVE-2020-10685: ansible - A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x befor...↗2020

▶

💬Community

Bugzilla

CVE-2020-10685 ansible: modules which use files encrypted with vault are not properly cleaned up [openstack-rdo]↗2020-03-23

▶

Bugzilla

CVE-2020-10685 ansible: modules which use files encrypted with vault are not properly cleaned up [fedora-all]↗2020-03-23

▶

Bugzilla

CVE-2020-10685 ansible: modules which use files encrypted with vault are not properly cleaned up [epel-all]↗2020-03-23

▶

Bugzilla

CVE-2020-10685 Ansible: modules which use files encrypted with vault are not properly cleaned up↗2020-03-18

▶