Vulnerability Details : CVE-2020-1740
A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.
Vulnerability category: Information leak
Products affected by CVE-2020-1740
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-1740
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 15 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-1740
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
1.9
|
LOW | AV:L/AC:M/Au:N/C:P/I:N/A:N |
3.4
|
2.9
|
NIST | |
3.9
|
LOW | CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N |
0.8
|
2.7
|
Red Hat, Inc. | |
4.7
|
MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
1.0
|
3.6
|
NIST |
CWE ids for CVE-2020-1740
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Secondary)
-
Creating and using insecure temporary files can leave application and system data vulnerable to attack.Assigned by: secalert@redhat.com (Primary)
References for CVE-2020-1740
-
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1740
1802193 – (CVE-2020-1740) CVE-2020-1740 ansible: secrets readable after ansible-vault editIssue Tracking;Vendor Advisory
-
https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html
[SECURITY] [DLA 2202-1] ansible security updateMailing List;Third Party Advisory
-
https://security.gentoo.org/glsa/202006-11
Ansible: Multiple vulnerabilities (GLSA 202006-11) — Gentoo securityThird Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/
[SECURITY] Fedora 31 Update: ansible-2.9.7-1.fc31 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://www.debian.org/security/2021/dsa-4950
Debian -- Security Information -- DSA-4950-1 ansibleThird Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/
[SECURITY] Fedora 30 Update: ansible-2.9.7-1.fc30 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/
[SECURITY] Fedora 32 Update: ansible-2.9.7-1.fc32 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://github.com/ansible/ansible/issues/67798
ansible-vault edit race condition · Issue #67798 · ansible/ansible · GitHubIssue Tracking;Third Party Advisory
Jump to