{"containers": {"cna": {"affected": [{"product": "ansible", "vendor": "Red Hat", "versions": [{"status": "affected", "version": "2.7.x, 2.8.x, 2.9.x"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes \"ansible-vault edit\", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.9, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-377", "description": "CWE-377", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-08-07T14:06:32", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1740"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ansible/ansible/issues/67798"}, {"name": "FEDORA-2020-1b6ce91e37", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/"}, {"name": "FEDORA-2020-3990f03ba3", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/"}, {"name": "FEDORA-2020-f80154b5b4", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/"}, {"name": "[debian-lts-announce] 20200505 [SECURITY] [DLA 2202-1] ansible security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html"}, {"name": "GLSA-202006-11", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202006-11"}, {"name": "DSA-4950", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2021/dsa-4950"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-1740", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ansible", "version": {"version_data": [{"version_value": "2.7.x, 2.8.x, 2.9.x"}]}}]}, "vendor_name": "Red Hat"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes \"ansible-vault edit\", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable."}]}, "impact": {"cvss": [[{"vectorString": "3.9/CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}]]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-377"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1740", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1740"}, {"name": "https://github.com/ansible/ansible/issues/67798", "refsource": "CONFIRM", "url": "https://github.com/ansible/ansible/issues/67798"}, {"name": "FEDORA-2020-1b6ce91e37", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/"}, {"name": "FEDORA-2020-3990f03ba3", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/"}, {"name": "FEDORA-2020-f80154b5b4", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/"}, {"name": "[debian-lts-announce] 20200505 [SECURITY] [DLA 2202-1] ansible security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html"}, {"name": "GLSA-202006-11", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202006-11"}, {"name": "DSA-4950", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-4950"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T06:46:30.903Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1740"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/ansible/ansible/issues/67798"}, {"name": "FEDORA-2020-1b6ce91e37", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/"}, {"name": "FEDORA-2020-3990f03ba3", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/"}, {"name": "FEDORA-2020-f80154b5b4", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/"}, {"name": "[debian-lts-announce] 20200505 [SECURITY] [DLA 2202-1] ansible security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html"}, {"name": "GLSA-202006-11", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202006-11"}, {"name": "DSA-4950", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2021/dsa-4950"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-1740", "datePublished": "2020-03-16T15:07:11", "dateReserved": "2019-11-27T00:00:00", "dateUpdated": "2024-08-04T06:46:30.903Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "matchCriteriaId": "1AA398A0-5DCC-4202-BB11-B2871FB796B4", "versionEndExcluding": "2.7.17", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "matchCriteriaId": "84818035-3E65-464B-A84A-22DADA640D19", "versionEndExcluding": "2.8.11", "versionStartIncluding": "2.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "matchCriteriaId": "341AEE03-9334-416D-9896-A37697B43CCC", "versionEndExcluding": "2.9.7", "versionStartIncluding": "2.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*", "matchCriteriaId": "C3C5721F-050A-42A3-A71D-6C6BA23D58FE", "versionEndIncluding": "3.3.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*", "matchCriteriaId": "64DD1400-5512-493E-85DB-B3C18FBB2DBB", "versionEndIncluding": "3.4.5", "versionStartIncluding": "3.3.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*", "matchCriteriaId": "F2062F74-68D8-4E75-BC69-6038B519F823", "versionEndIncluding": "3.5.5", "versionStartIncluding": "3.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*", "matchCriteriaId": "342D4A63-0972-413B-BD65-0495DBF1CDFB", "versionEndIncluding": "3.6.3", "versionStartIncluding": "3.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "7098B44F-56BF-42E3-8831-48D0A8E99EE2", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*", "matchCriteriaId": "704CFA1A-953E-4105-BFBE-406034B83DED", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes \"ansible-vault edit\", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable."}, {"lang": "es", "value": "Se detect\u00f3 un fallo en Ansible Engine cuando se usa Ansible Vault para editar archivos cifrados. Cuando un usuario ejecuta \"ansible-vault edit\", otro usuario en la misma computadora puede leer el secreto antiguo y el nuevo, como es creado en un archivo temporal con mkstemp y el descriptor de archivo devuelto es cerrado y el m\u00e9todo write_data es llamado para escribir el secreto existente en el archivo. Este m\u00e9todo eliminar\u00e1 el archivo antes de volver a crearlo de forma no segura. Se cree todas las versiones en las derivaciones 2.7.x, 2.8.x y 2.9.x son vulnerables."}], "id": "CVE-2020-1740", "lastModified": "2023-11-07T03:19:31.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.9, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 2.7, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2020-03-16T16:15:14.217", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1740"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/ansible/ansible/issues/67798"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202006-11"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2021/dsa-4950"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-377"}], "source": "secalert@redhat.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Damien Aumaitre (Quarkslab) and Nicolas Surbayrole (Quarkslab) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2020:1544", "cpe": "cpe:/a:redhat:ansible_engine:2.7::el7", "package": "ansible-0:2.7.17-1.el7ae", "product_name": "Red Hat Ansible Engine 2.7 for RHEL 7", "release_date": "2020-04-22T00:00:00Z"}, {"advisory": "RHSA-2020:1543", "cpe": "cpe:/a:redhat:ansible_engine:2.8::el7", "package": "ansible-0:2.8.11-1.el7ae", "product_name": "Red Hat Ansible Engine 2.8 for RHEL 7", "release_date": "2020-04-22T00:00:00Z"}, {"advisory": "RHSA-2020:1543", "cpe": "cpe:/a:redhat:ansible_engine:2.8::el8", "package": "ansible-0:2.8.11-1.el8ae", "product_name": "Red Hat Ansible Engine 2.8 for RHEL 8", "release_date": "2020-04-22T00:00:00Z"}, {"advisory": "RHSA-2020:1541", "cpe": "cpe:/a:redhat:ansible_engine:2.9::el7", "package": "ansible-0:2.9.7-1.el7ae", "product_name": "Red Hat Ansible Engine 2.9 for RHEL 7", "release_date": "2020-04-22T00:00:00Z"}, {"advisory": "RHSA-2020:1541", "cpe": "cpe:/a:redhat:ansible_engine:2.9::el8", "package": "ansible-0:2.9.7-1.el8ae", "product_name": "Red Hat Ansible Engine 2.9 for RHEL 8", "release_date": "2020-04-22T00:00:00Z"}, {"advisory": "RHSA-2020:1542", "cpe": "cpe:/a:redhat:ansible_engine:2::el7", "package": "ansible-0:2.9.7-1.el7ae", "product_name": "Red Hat Ansible Engine 2 for RHEL 7", "release_date": "2020-04-22T00:00:00Z"}, {"advisory": "RHSA-2020:1542", "cpe": "cpe:/a:redhat:ansible_engine:2::el8", "package": "ansible-0:2.9.7-1.el8ae", "product_name": "Red Hat Ansible Engine 2 for RHEL 8", "release_date": "2020-04-22T00:00:00Z"}, {"advisory": "RHBA-2020:0547", "cpe": "cpe:/a:redhat:ansible_tower:3.4::el7", "package": "ansible-tower-34/ansible-tower-memcached:1.4.15-28", "product_name": "Red Hat Ansible Tower 3.4 for RHEL 7", "release_date": "2020-02-18T00:00:00Z"}, {"advisory": "RHBA-2020:0547", "cpe": "cpe:/a:redhat:ansible_tower:3.4::el7", "package": "ansible-tower-35/ansible-tower-memcached:1.4.15-28", "product_name": "Red Hat Ansible Tower 3.4 for RHEL 7", "release_date": "2020-02-18T00:00:00Z"}, {"advisory": "RHBA-2020:0547", "cpe": "cpe:/a:redhat:ansible_tower:3.4::el7", "package": "ansible-tower-37/ansible-tower-memcached-rhel7:1.4.15-28", "product_name": "Red Hat Ansible Tower 3.4 for RHEL 7", "release_date": "2020-02-18T00:00:00Z"}, {"advisory": "RHBA-2020:1539", "cpe": "cpe:/a:redhat:ansible_tower:3.5::el7", "package": "ansible-tower-35/ansible-tower:3.5.6-1", "product_name": "Red Hat Ansible Tower 3.5 for RHEL 7", "release_date": "2020-04-22T00:00:00Z"}], "bugzilla": {"description": "ansible: secrets readable after ansible-vault edit", "id": "1802193", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802193"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.9", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "status": "verified"}, "cwe": "CWE-377", "details": ["A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes \"ansible-vault edit\", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.", "A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes \"ansible-vault edit\", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely."], "mitigation": {"lang": "en:us", "value": "Currently, there is no mitigation for this issue except avoid using the 'edit' option from 'ansible-vault' command line tool."}, "name": "CVE-2020-1740", "package_state": [{"cpe": "cpe:/a:redhat:cloudforms_managementengine:5", "fix_state": "Not affected", "package_name": "ansible-tower", "product_name": "CloudForms Management Engine 5"}, {"cpe": "cpe:/a:redhat:ceph_storage:2", "fix_state": "Out of support scope", "package_name": "ansible", "product_name": "Red Hat Ceph Storage 2"}, {"cpe": "cpe:/a:redhat:ceph_storage:3", "fix_state": "Affected", "package_name": "ansible", "product_name": "Red Hat Ceph Storage 3"}, {"cpe": "cpe:/a:redhat:openstack:10", "fix_state": "Out of support scope", "package_name": "ansible", "product_name": "Red Hat OpenStack Platform 10 (Newton)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Will not fix", "package_name": "ansible", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Will not fix", "package_name": "ansible", "product_name": "Red Hat Storage 3"}], "public_date": "2020-02-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-1740\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-1740"], "statement": "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", "threat_severity": "Low", "upstream_fix": "ansible-engine 2.7.17, ansible-engine 2.8.11, ansible-engine 2.9.7"}