Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2020-3600.NASL
HistorySep 01, 2020 - 12:00 a.m.

RHEL 7 / 8 : Ansible security and bug fix update (2.8.15) (Important) (RHSA-2020:3600)

2020-09-0100:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17

5.7 Medium

AI Score

Confidence

Low

JSON

The remote Redhat Enterprise Linux 7 / 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:3600 advisory.

  • Ansible: masked keys for uri module are exposed into content and json output (CVE-2020-14330)

  • Ansible: module_args does not censor properly in --check mode (CVE-2020-14332)

  • ansible: dnf module install packages with no GPG signature (CVE-2020-14365)

  • ansible: atomic_move primitive sets permissive permissions (CVE-2020-1736)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2020:3600. The text
# itself is copyright (C) Red Hat, Inc.
##

include('compat.inc');

if (description)
{
  script_id(140127);
  script_version("1.11");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/22");

  script_cve_id(
    "CVE-2020-1736",
    "CVE-2020-14330",
    "CVE-2020-14332",
    "CVE-2020-14365"
  );
  script_xref(name:"RHSA", value:"2020:3600");
  script_xref(name:"IAVB", value:"2020-B-0073-S");
  script_xref(name:"IAVB", value:"2019-B-0092-S");

  script_name(english:"RHEL 7 / 8 : Ansible security and bug fix update (2.8.15) (Important) (RHSA-2020:3600)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 7 / 8 host has a package installed that is affected by multiple vulnerabilities as
referenced in the RHSA-2020:3600 advisory.

  - Ansible: masked keys for uri module are exposed into content and json output (CVE-2020-14330)

  - Ansible: module_args does not censor properly in --check mode (CVE-2020-14332)

  - ansible: dnf module install packages with no GPG signature (CVE-2020-14365)

  - ansible: atomic_move primitive sets permissive permissions (CVE-2020-1736)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-1736");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-14330");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-14332");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-14365");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:3600");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1802124");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1856815");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1857805");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1869154");
  script_set_attribute(attribute:"solution", value:
"Update the affected ansible package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-14365");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(117, 347, 532, 732);

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/09/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/09/01");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ansible");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Red Hat Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm.inc');
include('rhel.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release_list(operator: 'ge', os_version: os_ver, rhel_versions: ['7','8'])) audit(AUDIT_OS_NOT, 'Red Hat 7.x / 8.x', 'Red Hat ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);

var constraints = [
  {
    'repo_relative_urls': [
      'content/dist/layered/rhel8/aarch64/ansible/2.8/debug',
      'content/dist/layered/rhel8/aarch64/ansible/2.8/os',
      'content/dist/layered/rhel8/aarch64/ansible/2.8/source/SRPMS',
      'content/dist/layered/rhel8/ppc64le/ansible/2.8/debug',
      'content/dist/layered/rhel8/ppc64le/ansible/2.8/os',
      'content/dist/layered/rhel8/ppc64le/ansible/2.8/source/SRPMS',
      'content/dist/layered/rhel8/s390x/ansible/2.8/debug',
      'content/dist/layered/rhel8/s390x/ansible/2.8/os',
      'content/dist/layered/rhel8/s390x/ansible/2.8/source/SRPMS',
      'content/dist/layered/rhel8/x86_64/ansible/2.8/debug',
      'content/dist/layered/rhel8/x86_64/ansible/2.8/os',
      'content/dist/layered/rhel8/x86_64/ansible/2.8/source/SRPMS'
    ],
    'pkgs': [
      {'reference':'ansible-2.8.15-1.el8ae', 'release':'8', 'el_string':'el8ae', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'ansible-2.8'}
    ]
  },
  {
    'repo_relative_urls': [
      'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/ansible/2.8/debug',
      'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/ansible/2.8/os',
      'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/ansible/2.8/source/SRPMS',
      'content/dist/rhel/power-le/7/7Server/ppc64le/ansible/2.8/debug',
      'content/dist/rhel/power-le/7/7Server/ppc64le/ansible/2.8/os',
      'content/dist/rhel/power-le/7/7Server/ppc64le/ansible/2.8/source/SRPMS',
      'content/dist/rhel/server/7/7Server/x86_64/ansible/2.8/debug',
      'content/dist/rhel/server/7/7Server/x86_64/ansible/2.8/os',
      'content/dist/rhel/server/7/7Server/x86_64/ansible/2.8/source/SRPMS',
      'content/dist/rhel/system-z/7/7Server/s390x/ansible/2.8/debug',
      'content/dist/rhel/system-z/7/7Server/s390x/ansible/2.8/os',
      'content/dist/rhel/system-z/7/7Server/s390x/ansible/2.8/source/SRPMS'
    ],
    'pkgs': [
      {'reference':'ansible-2.8.15-1.el7ae', 'release':'7', 'el_string':'el7ae', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'ansible-2.8'}
    ]
  }
];

var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);

var flag = 0;
foreach var constraint_array ( constraints ) {
  var repo_relative_urls = NULL;
  if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];
  foreach var pkg ( constraint_array['pkgs'] ) {
    var reference = NULL;
    var _release = NULL;
    var sp = NULL;
    var _cpu = NULL;
    var el_string = NULL;
    var rpm_spec_vers_cmp = NULL;
    var epoch = NULL;
    var allowmaj = NULL;
    var exists_check = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (reference &&
        _release &&
        rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
        (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
        rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  var extra = NULL;
  if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();
  else extra = rpm_report_get() + redhat_report_package_caveat();
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : extra
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ansible');
}
VendorProductVersionCPE
redhatenterprise_linux7cpe:/o:redhat:enterprise_linux:7
redhatenterprise_linux8cpe:/o:redhat:enterprise_linux:8
redhatenterprise_linuxansiblep-cpe:/a:redhat:enterprise_linux:ansible

Related

redhat 8
fedora 4
nessus 9
ubuntucve 4
redhatcve 4
osv 13
veracode 4
cve 4
prion 4
alpinelinux 3
debiancve 4
github 4
f5 1
ibm 3
mageia 1
debian 1
suse 1
gentoo 1
redhat
redhat
(RHSA-2020:3600) Important: Ansible security and bug fix update (2.8.15)
2020-09-01 19:10:09
(RHSA-2020:3602) Important: Ansible security and bug fix update (2.9.13)
2020-09-01 19:10:30
(RHSA-2020:3601) Important: Ansible security and bug fix update (2.9.13)
2020-09-01 19:10:25
fedora
fedora
[SECURITY] Fedora 32 Update: ansible-2.9.13-1.fc32
2020-09-08 15:27:25
[SECURITY] Fedora 31 Update: ansible-2.9.12-1.fc31
2020-08-20 01:05:14
[SECURITY] Fedora 31 Update: ansible-2.9.13-1.fc31
2020-09-12 16:37:36
nessus
nessus
Fedora 32 : ansible (2020-d5e74bf9a0)
2020-09-09 00:00:00
Amazon Linux 2 : ansible (ALASANSIBLE2-2023-006)
2023-09-27 00:00:00
Fedora 31 : ansible (2020-1e6eeadbb4)
2020-08-20 00:00:00
ubuntucve
ubuntucve
CVE-2020-14365
2020-09-23 00:00:00
CVE-2020-14330
2020-09-11 00:00:00
CVE-2020-14332
2020-09-11 00:00:00
redhatcve
redhatcve
CVE-2020-14365
2020-08-31 07:27:59
CVE-2020-14332
2020-07-16 19:37:34
CVE-2020-14330
2020-07-14 18:50:50
osv
osv
Improper Verification of Cryptographic Signature in ansible
2021-04-20 16:44:07
CVE-2020-14332
2020-09-11 18:15:13
Insertion of Sensitive Information into Log File and Improper Output Neutralization for Logs in ansible
2022-02-09 21:59:39
veracode
veracode
Information Disclosure
2020-07-23 03:37:49
Information Disclosure
2020-09-14 03:13:12
Man-in-the-Middle (MitM)
2020-09-01 02:09:27
cve
cve
CVE-2020-14330
2020-09-11 18:15:00
CVE-2020-14332
2020-09-11 18:15:00
CVE-2020-14365
2020-09-23 13:15:00
prion
prion
Security feature bypass
2020-09-11 18:15:00
Input validation
2020-09-11 18:15:00
Design/Logic Flaw
2020-09-23 13:15:00
alpinelinux
alpinelinux
CVE-2020-14332
2020-09-11 18:15:00
CVE-2020-14330
2020-09-11 18:15:00
CVE-2020-14365
2020-09-23 13:15:00
debiancve
debiancve
CVE-2020-14365
2020-09-23 13:15:00
CVE-2020-14330
2020-09-11 18:15:00
CVE-2020-14332
2020-09-11 18:15:00
github
github
Improper Output Neutralization and Improper Encoding or Escaping of Output for Logs in ansible
2022-02-09 22:00:08
Insertion of Sensitive Information into Log File and Improper Output Neutralization for Logs in ansible
2022-02-09 21:59:39
Improper Verification of Cryptographic Signature in ansible
2021-04-20 16:44:07
f5
f5
K52013062 : Ansible Engine vulnerability CVE-2020-14365
2021-11-15 00:00:00
ibm
ibm
Security Bulletin: Security vulnerabilities in Ansible affect IBM Cloud Pak for Multicloud Management Hybrid GRC
2021-05-11 19:15:07
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues
2023-11-30 18:45:42
Security Bulletin: IBM Spectrum Discover is vulnerable to multiple vulnerabilities
2022-08-23 22:32:13
mageia
mageia
Updated ansible package fixes security vulnerabilities
2020-09-05 12:34:29
debian
debian
[SECURITY] [DSA 4950-1] ansible security update
2021-08-07 09:26:39
suse
suse
Security update for ansible (important)
2022-03-16 00:00:00
gentoo
gentoo
Ansible: Multiple vulnerabilities
2020-06-13 00:00:00

5.7 Medium

AI Score

Confidence

Low

JSON
Related for REDHAT-RHSA-2020-3600.NASL
redhat8fedora4nessus9ubuntucve4redhatcve4osv13veracode4cve4prion4alpinelinux3debiancve4github4f51ibm3mageia1debian1suse1gentoo1