Versio.io

CVE-2020-14365

Common vulnerabilities & exposures (CVE)

Published at: 23-09-2020 03:15
Last modified: 05-04-2022 05:29
Total changes: 3

Description

A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code executed via package installation scripts. The highest threat from this vulnerability is to integrity and system availability.

Common Vulnerability Scoring System (CVSS)

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Attack complexity: Low
Attack vector: Local
Availability: High
Confidentiality: None
Integrity: High
Privileges required: Low
Scope: Unchanged
User interaction: None

Base score: 7.1
Exploitability score: 1.8
Impact score: 5.2
 

Verification logic

OR
  OR
    vendor=Red Hat Enterprise Linux AND product=ansible_engine AND versionEndIncluding=2.8.15 AND versionStartIncluding=2.8.0
    vendor=Red Hat Enterprise Linux AND product=ansible_engine AND versionEndIncluding=2.9.13 AND versionStartIncluding=2.9.0
    vendor=Red Hat Enterprise Linux AND product=ansible_tower AND version=3.0
    vendor=Red Hat Enterprise Linux AND product=ansible_tower AND versionEndIncluding=3.6.5 AND versionStartIncluding=3.6.0
    vendor=Red Hat Enterprise Linux AND product=ansible_tower AND versionEndIncluding=3.7.2 AND versionStartIncluding=3.7.0
  OR
    vendor=Red Hat Enterprise Linux AND product=ceph_storage AND version=2.0
    vendor=Red Hat Enterprise Linux AND product=ceph_storage AND version=3.0
    vendor=Red Hat Enterprise Linux AND product=openstack_platform AND version=10.0
    vendor=Red Hat Enterprise Linux AND product=openstack_platform AND version=13.0
  OR
    vendor=Debian AND product=debian_linux AND version=10.0
 
