Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-5315-1
HistoryJun 07, 2022 - 12:00 a.m.

Ansible vulnerabilities

2022-06-0700:00:00
ubuntu.com
71

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

7.5 High

AI Score

Confidence

High

3.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

37.9%

JSON

Releases

  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 ESM
  • Ubuntu 16.04 ESM

Packages

  • ansible - Configuration management, deployment, and task execution system

Details

It was discovered that Ansible did not properly manage directory
permissions when running playbooks with an unprivileged become user. A
local attacker could possibly use this issue to cause a race condition,
escalate privileges and execute arbitrary code. This issue only affected
Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-1733)

It was discovered that the fix to address CVE-2020-1733 in Ansible was
incomplete on systems using ACLs and FUSE filesystems. A local attacker
could possibly use this issue to cause a race condition, escalate
privileges and execute arbitrary code. This issue only affected
Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-10744)

It was discovered that Ansible did not properly manage multi-line YAML
strings and special template characters. A local attacker could possibly
use this issue to cause a template injection, resulting in the
disclosure of sensitive information or other unspecified impact.
(CVE-2021-3583)

It was discovered that the ansible-connection module in Ansible did
not properly manage certain error messages. A local attacker could
possibly use this issue to expose sensitive information. This issue
only affected Ubuntu 20.04 ESM and Ubuntu 22.04 ESM. (CVE-2021-3620)

OSVersionArchitecturePackageVersionFilename
Ubuntu22.04noarchansible< 2.10.7+merged+base+2.10.8+dfsg-1ubuntu0.1~esm1UNKNOWN
Ubuntu22.04noarchansible< 2.10.7+merged+base+2.10.8+dfsg-1UNKNOWN
Ubuntu20.04noarchansible< 2.9.6+dfsg-1ubuntu0.1~esm1UNKNOWN
Ubuntu20.04noarchansible< 2.9.6+dfsg-1UNKNOWN
Ubuntu20.04noarchansible-doc< 2.9.6+dfsg-1UNKNOWN
Ubuntu18.04noarchansible< 2.5.1+dfsg-1ubuntu0.1+esm1UNKNOWN
Ubuntu18.04noarchansible< 2.5.1+dfsg-1ubuntu0.1UNKNOWN
Ubuntu16.04noarchansible< 2.0.0.2-2ubuntu1.3+esm1UNKNOWN
Ubuntu16.04noarchansible< 2.1.1.0-1~ubuntu16.04.1UNKNOWN

Related

nessus 25
openvas 17
osv 14
prion 4
debiancve 4
github 4
redhatcve 4
cve 4
ubuntucve 4
freebsd 3
cbl_mariner 4
redhat 14
fedora 8
ibm 6
veracode 2
alpinelinux 1
mageia 3
suse 2
debian 3
photon 6
gentoo 1
nessus
nessus
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM : Ansible vulnerabilities (USN-5315-1)
2023-10-16 00:00:00
FreeBSD : Ansible -- Insecure Temporary File (50ec3a01-ad77-11eb-8528-8c164582fbac)
2021-05-07 00:00:00
Amazon Linux 2 : ansible (ALASANSIBLE2-2023-001)
2023-09-27 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-5315-1)
2023-01-27 00:00:00
Fedora: Security Advisory for ansible (FEDORA-2021-4ad7c70d71)
2021-07-06 00:00:00
Fedora: Security Advisory for ansible (FEDORA-2021-574ee4dd30)
2021-07-06 00:00:00
osv
osv
ansible vulnerabilities
2022-06-07 14:43:08
CVE-2020-10744
2020-05-15 14:15:11
PYSEC-2020-208
2020-05-15 14:15:00
prion
prion
Race condition
2020-05-15 14:15:00
Command injection
2021-09-22 12:15:00
Race condition
2020-03-11 19:15:00
debiancve
debiancve
CVE-2020-10744
2020-05-15 14:15:00
CVE-2021-3583
2021-09-22 12:15:00
CVE-2020-1733
2020-03-11 19:15:00
github
github
Exposure of Resource to Wrong Sphere and Insecure Temporary File in Ansible
2022-02-09 21:59:42
Improper Input Validation and Command Injection in Ansible
2021-09-23 23:16:38
Exposure of Resource to Wrong Sphere and Insecure Temporary File in Ansible
2021-04-20 16:46:12
redhatcve
redhatcve
CVE-2020-10744
2020-05-14 15:56:33
CVE-2021-3583
2021-06-08 06:52:22
CVE-2020-1733
2020-02-18 14:29:51
cve
cve
CVE-2020-10744
2020-05-15 14:15:00
CVE-2021-3583
2021-09-22 12:15:00
CVE-2020-1733
2020-03-11 19:15:00
ubuntucve
ubuntucve
CVE-2020-10744
2020-05-15 00:00:00
CVE-2021-3583
2021-09-22 00:00:00
CVE-2020-1733
2020-03-11 00:00:00
freebsd
freebsd
Ansible -- Insecure Temporary File
2020-05-15 00:00:00
Ansible -- Templating engine bug
2021-06-10 00:00:00
Ansible -- Ansible user credentials disclosure in ansible-connection module
2021-06-25 00:00:00
cbl_mariner
cbl_mariner
CVE-2020-10744 affecting package ansible 2.9.9-1
2021-07-08 21:56:43
CVE-2021-3583 affecting package ansible 2.9.18-1
2021-10-22 04:51:42
CVE-2021-3583 affecting package ansible 2.9.18-1
2022-04-09 06:51:57
redhat
redhat
(RHSA-2021:2664) Important: Ansible security and bug fix update (2.9.23)
2021-07-07 04:25:02
(RHSA-2021:2663) Important: Ansible security and bug fix update (2.9.23)
2021-07-07 04:24:44
(RHSA-2021:3874) Important: Red Hat Ansible Automation Platform 2.0.1 Security and Bug fix Release
2021-10-14 20:14:36
fedora
fedora
[SECURITY] Fedora 33 Update: ansible-2.9.23-1.fc33
2021-07-02 01:21:14
[SECURITY] Fedora 34 Update: ansible-2.9.23-1.fc34
2021-07-02 01:09:02
[SECURITY] Fedora 35 Update: ansible-2.9.27-1.fc35
2021-11-02 01:04:37
ibm
ibm
Security Bulletin: Ansible vulnerability affects IBM Elastic Storage System (CVE-2021-3583)
2022-02-28 11:18:57
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to injection attacks in Ansible (CVE-2021-3583).
2023-01-12 21:59:00
Security Bulletin: Security vulnerabilities in Ansible affect IBM Cloud Pak for Multicloud Management Hybrid GRC
2021-05-11 19:15:07
veracode
veracode
Privilege Escalation Via Insecure Directory Creation
2020-02-28 02:48:37
Denial Of Service (DoS)
2021-10-18 13:54:04
alpinelinux
alpinelinux
CVE-2020-1733
2020-03-11 19:15:00
mageia
mageia
Updated ansible packages fix security vulnerability
2021-10-23 13:05:28
Updated ansible packages fix security vulnerability
2021-09-23 07:49:29
Updated ansible packages fix security vulnerabilities
2020-05-24 21:04:47
suse
suse
Important for SUSE Manager Client Tools (important)
2022-09-08 00:00:00
Security update for ansible (important)
2022-03-16 00:00:00
debian
debian
[SECURITY] [DLA 3695-1] ansible security update
2023-12-28 17:44:01
[SECURITY] [DLA 2202-1] ansible security update
2020-05-05 14:22:50
[SECURITY] [DSA 4950-1] ansible security update
2021-08-07 09:26:39
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0233
2020-04-21 00:00:00
Critical Photon OS Security Update - PHSA-2022-0528
2022-10-18 00:00:00
Critical Photon OS Security Update - PHSA-2021-3.0-0344
2021-12-17 00:00:00
gentoo
gentoo
Ansible: Multiple vulnerabilities
2020-06-13 00:00:00

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

7.5 High

AI Score

Confidence

High

3.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

37.9%

JSON
Related for USN-5315-1
nessus25openvas17osv14prion4debiancve4github4redhatcve4cve4ubuntucve4freebsd3cbl_mariner4redhat14fedora8ibm6veracode2alpinelinux1mageia3suse2debian3photon6gentoo1