CVE-2020-10709

CWE-287Improper AuthenticationCWE-613Insufficient Session ExpirationCWE-6725 documents5 sources
Severity
7.1HIGH
EPSS
0.0%
top 88.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Ansible Tower
Timeline
PublishedMay 27
Latest updateMay 24

Description

A security flaw was found in Ansible Tower when requesting an OAuth2 token with an OAuth2 application. Ansible Tower uses the token to provide authentication. This flaw allows an attacker to obtain a refresh token that does not expire. The original token granted to the user still has access to Ansible Tower, which allows any user that can gain access to the token to be fully authenticated to Ansible Tower. This flaw affects Ansible Tower versions before 3.6.4 and Ansible Tower versions before 3.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 1.8 | Impact: 5.2

Affected Packages2 packages

NVDredhat/ansible_tower3.6.03.6.4+1
CVEListV5toweransible_tower 3.6.4, ansible_tower 3.5.6

🔴Vulnerability Details

2
GHSA
GHSA-g252-frw3-5wcr: A security flaw was found in Ansible Tower when requesting an OAuth2 token with an OAuth2 application2022-05-24
CVEList
CVE-2020-10709: A security flaw was found in Ansible Tower when requesting an OAuth2 token with an OAuth2 application2021-05-27

📋Vendor Advisories

1
Red Hat
Tower: OAuth2 refresh tokens do not respect the expiration2020-04-07

💬Community

1
Bugzilla
CVE-2020-10709 Tower: OAuth2 refresh tokens do not respect the expiration2020-04-15