Bug 1818445 (CVE-2020-10697)

Summary: CVE-2020-10697 Tower: memcached deployment is insecure on OpenShift
Product: [Other] Security Response Reporter: Borja Tarraso <btarraso>
Component: vulnerabilityAssignee: Nobody <nobody>
Status: NEW --- QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: gblomqui, jneedle, mabashia, smcdonal
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: ansible_tower 3.6.4, ansible_tower 3.5.6, ansible_tower 3.4.6 Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in Ansible Tower when running Openshift. Tower runs a memcached, which is accessed via TCP. An attacker can take advantage of writing a playbook polluting this cache, causing a denial of service attack. This attack would not completely stop the service, but in the worst-case scenario, it can reduce the Tower performance, for which memcached is designed. Theoretically, more sophisticated attacks can be performed by manipulating and crafting the cache, as Tower relies on memcached as a place to pull out setting values. Confidential and sensitive data stored in memcached should not be pulled, as this information is encrypted.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1818543, 1818544, 1818545    
Bug Blocks: 1818441    

Description Borja Tarraso 2020-03-28 07:22:58 UTC 
Tower executes a memcached which is accessed via TCP on a domain socket that it is shared amongst containers on Openshift. Making OpenShift memcached deployment insecure.
Comment 1 Borja Tarraso 2020-03-28 07:23:01 UTC 
Statement:

Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected when using it in OpenShift.
Comment 4 Borja Tarraso 2020-03-29 06:36:54 UTC 
Acknowledgments:

Name: Ryan Petrello (Red Hat), Shane McDonald (Red Hat)
Comment 6 Borja Tarraso 2020-03-31 14:33:15 UTC 
Mitigation:

Currently, there is no mitigation for this issue.