
Mageia: 2020-0363 Moderate: Ansible Data Exposure and Integrity Risks

mageia
September 5, 2020
The latest Ansible update mitigates various vulnerabilities that threaten user data safety and overall system reliability. Review implemented solutions.

Summary

An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality (CVE-2020-14430).
A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality (CVE-2020-14432).
A flaw was found in the Ansible Engine when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitra...

References

- https://bugs.mageia.org/show_bug.cgi?id=27175

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD/

- https://access.redhat.com/errata/RHSA-2020:3600

- https://www.cve.org/CVERecord?id=CVE-2020-14430

- https://www.cve.org/CVERecord?id=CVE-2020-14432

- https://www.cve.org/CVERecord?id=CVE-2020-14365

Resolution

SRPMS

- 7/core/ansible-2.7.18-1.1.mga7
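
To check a host against the fixed build listed above, the following added example (not part of the Mageia advisory) compares an installed ansible version-release string with 2.7.18-1.1.mga7 using a simplified form of RPM's version comparison. The function names and sample strings are constructed for illustration; epoch, `~` and `^` are not handled.

```python
import re

# Fixed build taken from this advisory's SRPMS line: 7/core/ansible-2.7.18-1.1.mga7
FIXED_VERSION, FIXED_RELEASE = "2.7.18", "1.1.mga7"


def _segments(s):
    # RPM compares maximal runs of digits or letters; separators are ignored.
    return re.findall(r"\d+|[A-Za-z]+", s)


def rpmvercmp(a, b):
    """Simplified rpmvercmp: returns -1, 0 or 1 (assumption: no '~' or '^')."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)  # numeric runs compare as integers (9 < 18)
        elif x.isdigit() != y.isdigit():
            # A numeric segment is always newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments are equal: the side with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def is_patched(version_release):
    """True if 'VERSION-RELEASE' is at or above the advisory's fixed build."""
    version, _, release = version_release.partition("-")
    result = rpmvercmp(version, FIXED_VERSION)
    if result == 0:
        result = rpmvercmp(release, FIXED_RELEASE)
    return result >= 0


if __name__ == "__main__":
    # Constructed sample values; on a real host the string would come from
    #   rpm -q --qf '%{VERSION}-%{RELEASE}\n' ansible
    for sample in ("2.7.9-3.mga7", "2.7.18-1.mga7", "2.7.18-1.1.mga7"):
        state = "patched" if is_patched(sample) else "needs update"
        print(f"ansible-{sample}: {state}")
```
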

Severity
important

Publication date: 05 Sep 2020
URL: https://advisories.mageia.org/MGASA-2020-0363.html
Type: security
CVE: CVE-2020-14430, CVE-2020-14432, CVE-2020-14365
