CVE-2020-10685

🗓️ 11 May 2020 00:00:00Reported by redhatType

Flaw in Ansible Engine versions 2.7.x, 2.8.x, 2.9.x, and Ansible Tower versions 3.4.5, 3.5.5, 3.6.3 allows decryption vulnerability for vault files in certain modules

Reporter	Title	Published	Views	Family All 85
Tenable Nessus	Amazon Linux 2 : ansible (ALASANSIBLE2-2023-008)	27 Sep 202300:00	–	nessus
Tenable Nessus	Debian DSA-4950-1 : ansible - security update	7 Aug 202100:00	–	nessus
Tenable Nessus	Fedora 30 : ansible (2020-1b6ce91e37)	27 Apr 202000:00	–	nessus
Tenable Nessus	Fedora 31 : ansible (2020-f80154b5b4)	27 Apr 202000:00	–	nessus
Tenable Nessus	GLSA-202006-11 : Ansible: Multiple vulnerabilities	17 Jun 202000:00	–	nessus
Tenable Nessus	openSUSE 15 Security Update : ansible (openSUSE-SU-2022:0081-1)	17 Mar 202200:00	–	nessus
Tenable Nessus	RHEL 7 / 8 : Ansible security update (2.9.7) (Important) (RHSA-2020:1541)	22 Apr 202000:00	–	nessus
Tenable Nessus	RHEL 7 / 8 : Ansible security update (2.9.7) (Important) (RHSA-2020:1542)	22 Apr 202000:00	–	nessus
Tenable Nessus	RHEL 7 / 8 : Ansible security update (2.8.11) (Important) (RHSA-2020:1543)	22 Apr 202000:00	–	nessus
Tenable Nessus	RHEL 7 : Ansible security update (2.7.17) (Important) (RHSA-2020:1544)	22 Apr 202000:00	–	nessus

[
  {
    "vendor": "Red Hat",
    "product": "Ansible",
    "versions": [
      {
        "version": "ansible-engine versions 2.7.x before 2.7.17",
        "status": "affected"
      },
      {
        "version": "ansible-engine 2.8.x before 2.8.11",
        "status": "affected"
      },
      {
        "version": "ansible-engine 2.9.x before 2.9.7",
        "status": "affected"
      },
      {
        "version": "Ansible Tower <= 3.4.5",
        "status": "affected"
      },
      {
        "version": "Ansible Tower <= 3.5.5",
        "status": "affected"
      },
      {
        "version": "Ansible Tower <= 3.6.3",
        "status": "affected"
      }
    ]
  }
]

Source	Link
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
security	www.security.gentoo.org/glsa/202006-11
github	www.github.com/ansible/ansible/pull/68433
debian	www.debian.org/security/2021/dsa-4950

07 Oct 2022 00:00Current

6.2Medium risk

Vulners AI Score6.2

CVSS 3.15

EPSS0.00376

CWE-459