CVE-2020-10744 - OpenCVE

An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9.9 as well as previous versions are affected and Ansible Tower 3.4.5, 3.5.6 and 3.6.4 as well as previous versions are affected.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

No CVSS v3.0

Access Vector Local

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:H/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Ansible Ansible Tower

Configuration 1 [-]

OR	cpe:2.3:a:redhat:ansible::::::::
	cpe:2.3:a:redhat:ansible::::::::
	cpe:2.3:a:redhat:ansible::::::::
	cpe:2.3:a:redhat:ansible_tower::::::::
	cpe:2.3:a:redhat:ansible_tower::::::::
	cpe:2.3:a:redhat:ansible_tower::::::::

No data.

References

Link	Providers
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10744
https://nvd.nist.gov/vuln/detail/CVE-2020-10744
https://www.cve.org/CVERecord?id=CVE-2020-10744

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2020-05-15T13:44:33

Updated: 2024-08-04T11:14:15.623Z

Reserved: 2020-03-20T00:00:00

Link: CVE-2020-10744

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-05-15T14:15:11.700

Modified: 2023-11-07T03:14:19.440

Link: CVE-2020-10744

Redhat

Severity : Moderate

Publid Date: 2020-05-14T00:00:00Z

Links: CVE-2020-10744 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "ansible", "vendor": "Red Hat", "versions": [{"status": "affected", "version": "ansible-engine 2.7.18 and prior"}, {"status": "affected", "version": "ansible-engine 2.8.12 and prior"}, {"status": "affected", "version": "ansible-engine 2.9.9 and prior"}, {"status": "affected", "version": "ansible-tower 3.4.5 and prior"}, {"status": "affected", "version": "ansible-tower 3.5.6 and prior"}, {"status": "affected", "version": "ansible-tower 3.6.4 and prior"}]}], "descriptions": [{"lang": "en", "value": "An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9.9 as well as previous versions are affected and Ansible Tower 3.4.5, 3.5.6 and 3.6.4 as well as previous versions are affected."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-377", "description": "CWE-377", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-05-15T13:44:33", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10744"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-10744", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ansible", "version": {"version_data": [{"version_value": "ansible-engine 2.7.18 and prior"}, {"version_value": "ansible-engine 2.8.12 and prior"}, {"version_value": "ansible-engine 2.9.9 and prior"}, {"version_value": "ansible-tower 3.4.5 and prior"}, {"version_value": "ansible-tower 3.5.6 and prior"}, {"version_value": "ansible-tower 3.6.4 and prior"}]}}]}, "vendor_name": "Red Hat"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9.9 as well as previous versions are affected and Ansible Tower 3.4.5, 3.5.6 and 3.6.4 as well as previous versions are affected."}]}, "impact": {"cvss": [[{"vectorString": "5/CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L", "version": "3.0"}]]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-377"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10744", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10744"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T11:14:15.623Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10744"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-10744", "datePublished": "2020-05-15T13:44:33", "dateReserved": "2020-03-20T00:00:00", "dateUpdated": "2024-08-04T11:14:15.623Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F1AB041-8234-4A8B-BE31-49BCC28589F6", "versionEndIncluding": "2.7.18", "versionStartIncluding": "2.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "matchCriteriaId": "6AC81D26-7550-439F-B243-5E1DEE4EE7B3", "versionEndIncluding": "2.8.12", "versionStartIncluding": "2.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "matchCriteriaId": "5746BAA8-5284-4BE0-B43F-55EB7EA46151", "versionEndIncluding": "2.9.9", "versionStartIncluding": "2.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*", "matchCriteriaId": "F5C0F920-A505-452D-AFAA-AE6C20FB25EF", "versionEndIncluding": "3.4.5", "versionStartIncluding": "3.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*", "matchCriteriaId": "38DE8041-5A20-41AA-83B5-61303E299204", "versionEndIncluding": "3.5.6", "versionStartIncluding": "3.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*", "matchCriteriaId": "7A4566CE-6A1C-470A-AA0E-98A859F9172F", "versionEndIncluding": "3.6.4", "versionStartIncluding": "3.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9.9 as well as previous versions are affected and Ansible Tower 3.4.5, 3.5.6 and 3.6.4 as well as previous versions are affected."}, {"lang": "es", "value": "Se ha encontrado una correcci\u00f3n incompleta para la correcci\u00f3n del fallo de ansible CVE-2020-1733: un directorio temporal no seguro cuando se ejecuta become_user desde become directive. La correcci\u00f3n proporcionada no es suficiente para impedir una condici\u00f3n de carrera en sistemas que usan ACLs y sistemas de archivos FUSE. Ansible Engine versiones 2.7.18, 2.8.12, y 2.9.9 as\u00ed como las versiones previas est\u00e1n afectadas y Ansible Tower versioes 3.4.5, 3.5.6 y 3.6.4 as\u00ed como las versiones previas est\u00e1n afectadas."}], "id": "CVE-2020-10744", "lastModified": "2023-11-07T03:14:19.440", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.7, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 1.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 3.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 3.7, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2020-05-15T14:15:11.700", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10744"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-377"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Damien Aumaitre (Quarkslab) and Nicolas Surbayrole (Quarkslab) for reporting this issue.", "bugzilla": {"description": "ansible: incomplete fix for CVE-2020-1733", "id": "1835566", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1835566"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-377", "details": ["An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9.9 as well as previous versions are affected and Ansible Tower 3.4.5, 3.5.6 and 3.6.4 as well as previous versions are affected.", "An incomplete fix was found for the fix of the flaw CVE-2020-1733, Ansible: insecure temporary directory when running become_user from the become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems."], "mitigation": {"lang": "en:us", "value": "Currently, there is no mitigation for this issue."}, "name": "CVE-2020-10744", "package_state": [{"cpe": "cpe:/a:redhat:ansible_engine:2", "fix_state": "Affected", "package_name": "ansible", "product_name": "Red Hat Ansible Engine 2"}, {"cpe": "cpe:/a:redhat:ansible_tower:3", "fix_state": "Out of support scope", "package_name": "ansible", "product_name": "Red Hat Ansible Tower 3"}, {"cpe": "cpe:/a:redhat:ceph_storage:2", "fix_state": "Out of support scope", "package_name": "ansible", "product_name": "Red Hat Ceph Storage 2"}, {"cpe": "cpe:/a:redhat:ceph_storage:3", "fix_state": "Affected", "package_name": "ansible", "product_name": "Red Hat Ceph Storage 3"}, {"cpe": "cpe:/a:redhat:openstack:10", "fix_state": "Out of support scope", "package_name": "ansible", "product_name": "Red Hat OpenStack Platform 10 (Newton)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Will not fix", "package_name": "ansible", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Will not fix", "package_name": "ansible", "product_name": "Red Hat Storage 3"}], "public_date": "2020-05-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-10744\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10744"], "statement": "Ansible Engine 2.7.18, 2.8.12, and 2.9.9 as well as previous versions are affected.\nAnsible Tower 3.4.5, 3.5.6 and 3.6.4 as well as previous versions are affected.\nRed Hat Gluster Storage 3 and Red Hat Ceph Storage 3 no longer maintain their own versions of Ansible. The fix will be provided from core Ansible. However, we still ship Ansible separately for Ceph Ubuntu.\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", "threat_severity": "Moderate", "upstream_fix": "ansible-engine 2.7.19, ansible-engine 2.8.13, ansible-engine 2.9.10"}