CVE-2020-14365

Published: 23/09/2020 Updated: 29/09/2020
CVSS v2 Base Score: 6.6 | Impact Score: 9.2 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.1 | Impact Score: 5.2 | Exploitability Score: 1.8
Vector: AV:L/AC:L/Au:N/C:N/I:C/A:C

Vulnerability Summary

A flaw was found in the Ansible Engine, in ansible-engine 2.8.x prior to 2.8.15 and ansible-engine 2.9.x prior to 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code executed via package installation scripts. The highest threat from this vulnerability is to integrity and system availability.

Vulnerable Product

redhat ansible engine

redhat ansible tower 3.0

redhat ansible tower

redhat ceph storage 2.0

redhat ceph storage 3.0

redhat openstack platform 10.0

redhat openstack platform 13.0

Vendor Advisories

Synopsis Important: Ansible security and bug fix update (2.8.15) Type/Severity Security Advisory: Important Topic An update for ansible is now available for Ansible Engine 2.8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) ...
Synopsis Important: Ansible security and bug fix update (2.9.13) Type/Severity Security Advisory: Important Topic An update for ansible is now available for Ansible Engine 2.9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) ...
Synopsis Important: Ansible security and bug fix update (2.9.13) Type/Severity Security Advisory: Important Topic An update for ansible is now available for Ansible Engine 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) ba ...
Synopsis Moderate: security update - Red Hat Ansible Tower 373-1 - RHEL7 Container Type/Severity Security Advisory: Moderate Topic Red Hat Ansible Tower 373-1 - RHEL7 Container Description Updated to the latest version of the git-python library to no longer cause certain jobs to fail U ...
Synopsis Moderate: security update - Red Hat Ansible Tower 366-1 - RHEL7 Container Type/Severity Security Advisory: Moderate Topic Red Hat Ansible Tower 366-1 - RHEL7 Container Description Fixed an XSS vulnerability (CVE-2020-25626) Fixed the Red Hat sosreport tool to no longer include ...
Synopsis Low: OpenShift Virtualization 242 Images Type/Severity Security Advisory: Low Topic Red Hat OpenShift Virtualization release 242 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security im ...
Synopsis Moderate: security update - Red Hat Ansible Tower 36 runner release (CVE-2019-18874) Type/Severity Security Advisory: Moderate Topic Red Hat Ansible Tower 36 runner release (CVE-2019-18874) Description Updated python-psutil version to 566 inside ansible-runner container (CVE-20 ...
Synopsis Moderate: security update - Red Hat Ansible Tower 37 runner release (CVE-2019-18874) Type/Severity Security Advisory: Moderate Topic Red Hat Ansible Tower 37 runner release (CVE-2019-18874) Description Updated python-psutil version to 566 inside ansible-runner container (CVE-2 ...