what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

CVE-2020-14365

Status Candidate

Overview

A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code executed via package installation scripts. The highest threat from this vulnerability is to integrity and system availability.

Related Files

Debian Security Advisory 4950-1
Posted Aug 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4950-1 - Several vulnerabilities have been found in Ansible, a configuration management, deployment and task execution system, which could result in information disclosure or argument injection. In addition a race condition in become_user was fixed.

tags | advisory, vulnerability, info disclosure
systems | linux, debian
advisories | CVE-2019-10156, CVE-2019-10206, CVE-2019-14846, CVE-2019-14864, CVE-2019-14904, CVE-2020-10684, CVE-2020-10685, CVE-2020-10729, CVE-2020-14330, CVE-2020-14332, CVE-2020-14365, CVE-2020-1733, CVE-2020-1735, CVE-2020-1739
SHA-256 | ebc20b43ab01a59fe77b2563453e04e2e0c224cd419dac6ce5d62cf99236915e
Red Hat Security Advisory 2020-4201-01
Posted Oct 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4201-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2019-11756, CVE-2019-17006, CVE-2019-17023, CVE-2020-12402, CVE-2020-12825, CVE-2020-14352, CVE-2020-14365, CVE-2020-15586, CVE-2020-16845
SHA-256 | 3d8b1c7224e8a2deee960b7668ead051da2664d66a79b155eb862d4b51810393
Red Hat Security Advisory 2020-4137-01
Posted Sep 30, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4137-01 - Fixed an XSS vulnerability Fixed the Red Hat sosreport tool to no longer include the Ansible Tower SECRET_KEY value Fixed the Ansible Tower installer so that it is now compatible with the latest supported Red Hat OpenShift Container Platforms 3.x and 4.x. Issues addressed include a cross site scripting vulnerability.

tags | advisory, xss
systems | linux, redhat
advisories | CVE-2020-14365, CVE-2020-25626
SHA-256 | 3c45228725985140a00c8945df5dc1bd22d32fd30a3069bc0f2833320d9b2911
Red Hat Security Advisory 2020-4136-01
Posted Sep 30, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4136-01 - Updated to the latest version of the git-python library to no longer cause certain jobs to fail Updated to the latest version of the ovirt.ovirt collection to no longer cause connections to hang when syncing inventory from oVirt/RHV Added a number of optimizations to Ansible Tower's callback receiver to improve the speed of stdout processing for simultaneous playbooks runs Added an optional setting to disable the auto-creation of organizations and teams on successful SAML login Fixed an XSS vulnerability Fixed a slow memory leak in the Daphne process Fixed Automation Analytics data gathering to no longer fail for customers with large datasets Fixed scheduled jobs that run every X minute or hour to no longer fail to run at the proper time Fixed delays in Ansible Tower's task manager when large numbers of simultaneous jobs are scheduled Fixed the performance for playbooks that store large amounts of data using the set_stats module Fixed the awx-manage remove_from_queue tool when used with isolated nodes Fixed an issue that prevented jobs from being properly marked as canceled when Tower is backed up and then restored to another environment. Issues addressed include cross site scripting and memory leak vulnerabilities.

tags | advisory, vulnerability, xss, memory leak, python
systems | linux, redhat
advisories | CVE-2020-14365, CVE-2020-25626
SHA-256 | d35bdae114c99ede1a241ed0ae74cb3f31fecb568f0fd7025cd59c44c369df33
Red Hat Security Advisory 2020-3600-01
Posted Sep 2, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3600-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2020-14365
SHA-256 | e07e91ca9ffc10ba1d1ec91f7d0e4827b53aa5e064f386ec4744192e66cd986e
Red Hat Security Advisory 2020-3602-01
Posted Sep 2, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3602-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2020-14365
SHA-256 | 8753307765c44b9a78cc06891210cdc120141f62d031c905aee1055696e81539
Red Hat Security Advisory 2020-3601-01
Posted Sep 2, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3601-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2020-14365
SHA-256 | 9177ed506b88e49c4d01a8b2cb8c4c03f39f85859d4c839edfc3f38c1aa72071
Page 1 of 1
Back1Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close