CVE-2020-14365

Published: 23/09/2020 Updated: 05/04/2022
CVSS v2 Base Score: 6.6 | Impact Score: 9.2 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.1 | Impact Score: 5.2 | Exploitability Score: 1.8
VMScore: 587
Vector: AV:L/AC:L/Au:N/C:N/I:C/A:C

Vulnerability Summary

A flaw was found in the Ansible Engine, in ansible-engine 2.8.x prior to 2.8.15 and ansible-engine 2.9.x prior to 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code executed via package installation scripts. The highest threat from this vulnerability is to integrity and system availability.

Vulnerable Product

redhat ansible engine

redhat ansible tower 3.0

redhat ansible tower

redhat ceph storage 2.0

redhat ceph storage 3.0

redhat openstack platform 10.0

redhat openstack platform 13.0

debian debian linux 10.0

Vendor Advisories

Several vulnerabilities have been found in Ansible, a configuration management, deployment and task execution system, which could result in information disclosure or argument injection. In addition a race condition in become_user was fixed. For the stable distribution (buster), these problems have been fixed in version 277+dfsg-1+deb10u1. We reco ...

Synopsis: Moderate: security update - Red Hat Ansible Tower 373-1 - RHEL7 Container. Type/Severity: Security Advisory: Moderate. Topic: Red Hat Ansible Tower 373-1 - RHEL7 Container. Description: Updated to the latest version of the git-python library to no longer cause certain jobs to fail. U ...

Synopsis: Moderate: security update - Red Hat Ansible Tower 366-1 - RHEL7 Container. Type/Severity: Security Advisory: Moderate. Topic: Red Hat Ansible Tower 366-1 - RHEL7 Container. Description: Fixed an XSS vulnerability (CVE-2020-25626). Fixed the Red Hat sosreport tool to no longer include ...

Synopsis: Important: Ansible security and bug fix update (2.9.13). Type/Severity: Security Advisory: Important. Topic: An update for ansible is now available for Ansible Engine 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) ba ...

Synopsis: Low: OpenShift Virtualization 242 Images. Type/Severity: Security Advisory: Low. Topic: Red Hat OpenShift Virtualization release 242 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security im ...

Synopsis: Important: Ansible security and bug fix update (2.9.13). Type/Severity: Security Advisory: Important. Topic: An update for ansible is now available for Ansible Engine 2.9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) ...

Synopsis: Important: Ansible security and bug fix update (2.8.15). Type/Severity: Security Advisory: Important. Topic: An update for ansible is now available for Ansible Engine 2.8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) ...

Synopsis: Moderate: security update - Red Hat Ansible Tower 36 runner release (CVE-2019-18874). Type/Severity: Security Advisory: Moderate. Topic: Red Hat Ansible Tower 36 runner release (CVE-2019-18874). Description: Updated python-psutil version to 566 inside ansible-runner container (CVE-20 ...

Synopsis: Moderate: security update - Red Hat Ansible Tower 37 runner release (CVE-2019-18874). Type/Severity: Security Advisory: Moderate. Topic: Red Hat Ansible Tower 37 runner release (CVE-2019-18874). Description: Updated python-psutil version to 566 inside ansible-runner container (CVE-2 ...

A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the s ...