Insecure Temporary Directory Vulnerability in Ansible Engine and Tower
CVE-2020-10744

5MEDIUM

Key Information:

Vendor: Red Hat
Status: Ansible
Vendor: CVE Published:; 15 May 2020

What is CVE-2020-10744?

The vulnerability arises from an incomplete fix addressing the underlying flaw related to insecure temporary directory handling when executing commands under a different user using Ansible's 'become' directive. The failure to adequately secure these directories creates a race condition, particularly on systems utilizing Access Control Lists (ACLs) and Filesystems in Userspace (FUSE). This oversight affects various versions of both Ansible Engine and Ansible Tower, leaving systems potentially exposed to unauthorized access and exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

ansible ansible-engine 2.7.18 and prior

ansible ansible-engine 2.8.12 and prior

ansible ansible-engine 2.9.9 and prior

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10744

x_refsource_CONFIRM

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
May 15, 2020
Vulnerability Reserved
Mar 20, 2020

JSON

Red Hat