Executive Summary

Summary
Title : ansible security update
Information
Name : DSA-4396
First vendor Publication : 2019-02-19
Vendor : Debian
Last vendor Modification : 2019-02-19
Severity (Vendor) : N/A
Revision : 1

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score : 7.5
Cvss Impact Score : 6.4
Cvss Exploit Score : 10
Attack Range : Network
Attack Complexity : Low
Authentication : None Required

Detail

Several vulnerabilities have been found in Ansible, a configuration management, deployment, and task execution system:

CVE-2018-10855 / CVE-2018-16876

The no_log task flag wasn't honored, resulting in an information leak.

CVE-2018-10875

ansible.cfg was read from the current working directory.

CVE-2018-16837

The user module leaked parameters passed to ssh-keygen to the process environment.

CVE-2019-3828

The fetch module was susceptible to path traversal.

For the stable distribution (stretch), these problems have been fixed in version 2.2.1.0-2+deb9u1.

We recommend that you upgrade your ansible packages.

For the detailed security status of ansible please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ansible

Original Source

Url : http://www.debian.org/security/2019/dsa-4396

CWE : Common Weakness Enumeration

% | id | Name
50 % | CWE-200 | Information Exposure
25 % | CWE-532 | Information Leak Through Log Files
25 % | CWE-426 | Untrusted Search Path

CPE : Common Platform Enumeration

Type | Description | Count
Application | | 49
Application | | 5
Application | | 1
Application | | 1
Application | | 3
Application | | 1
Os | | 2
Os | | 1
Os | | 1
Os | | 1

Nessus® Vulnerability Scanner

Date | Description
2019-01-03 | Name : The remote Fedora host is missing a security update.
           | File : fedora_2018-af82e7c863.nasl - Type : ACT_GATHER_INFO
2019-01-03 | Name : The remote Fedora host is missing a security update.
           | File : fedora_2018-615705632d.nasl - Type : ACT_GATHER_INFO
2019-01-03 | Name : The remote Fedora host is missing a security update.
           | File : fedora_2018-1a6e6196b9.nasl - Type : ACT_GATHER_INFO
2019-01-03 | Name : The remote Fedora host is missing a security update.
           | File : fedora_2018-1d2bc76093.nasl - Type : ACT_GATHER_INFO
2018-11-13 | Name : The remote Debian host is missing a security update.
           | File : debian_DLA-1576.nasl - Type : ACT_GATHER_INFO
2018-07-24 | Name : The remote Fedora host is missing a security update.
           | File : fedora_2018-53790a5236.nasl - Type : ACT_GATHER_INFO
2018-06-25 | Name : The remote Fedora host is missing a security update.
           | File : fedora_2018-b619637e45.nasl - Type : ACT_GATHER_INFO

Alert History

Date | Information
2019-02-20 00:18:41 | First insertion