Vulnerability Details : CVE-2020-10709
A security flaw was found in Ansible Tower when requesting an OAuth2 token with an OAuth2 application. Ansible Tower uses the token to provide authentication. This flaw allows an attacker to obtain a refresh token that does not expire. The original token granted to the user still has access to Ansible Tower, which allows any user that can gain access to the token to be fully authenticated to Ansible Tower. This flaw affects Ansible Tower versions before 3.6.4 and Ansible Tower versions before 3.5.6.
Vulnerability category: BypassGain privilege
Products affected by CVE-2020-10709
- cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-10709
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 10 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-10709
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.6
|
LOW | AV:L/AC:L/Au:N/C:P/I:P/A:N |
3.9
|
4.9
|
NIST | |
7.1
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
1.8
|
5.2
|
NIST |
CWE ids for CVE-2020-10709
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by:
- nvd@nist.gov (Primary)
- secalert@redhat.com (Secondary)
-
According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."Assigned by:
- nvd@nist.gov (Primary)
- secalert@redhat.com (Secondary)
-
The product uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked.Assigned by: secalert@redhat.com (Secondary)
References for CVE-2020-10709
-
https://bugzilla.redhat.com/show_bug.cgi?id=1824033
1824033 – (CVE-2020-10709) CVE-2020-10709 Tower: OAuth2 refresh tokens do not respect the expirationIssue Tracking;Vendor Advisory
Jump to