Bug 1847843 (CVE-2020-10782)
| Field | Value | Field | Value |
|---|---|---|---|
| Summary | CVE-2020-10782 Tower: rsyslog configuration has world readable permissions | | |
| Product | [Other] Security Response | Reporter | Borja Tarraso <btarraso> |
| Component | vulnerability | Assignee | Red Hat Product Security <security-response-team> |
| Status | CLOSED ERRATA | QA Contact | |
| Severity | medium | Docs Contact | |
| Priority | medium | | |
| Version | unspecified | CC | brandon.sterne, cmeyers, gblomqui, gmainwar, mabashia, notting, rpetrell, security-response-team, smcdonal |
| Target Milestone | --- | Keywords | Security |
| Target Release | --- | | |
| Hardware | All | | |
| OS | Linux | | |
| Whiteboard | | | |
| Fixed In Version | ansible_tower 3.7.1 | Doc Type | If docs needed, set a value |
| Doc Text | An exposure of sensitive information flaw was found in Ansible Tower. Sensitive information, such as tokens and other secrets, could be read from the rsyslog configuration file, which is written with world-readable permissions. The highest threat from this vulnerability is to confidentiality. | | |
| Story Points | --- | | |
| Clone Of | | Environment | |
| Last Closed | 2020-06-19 05:20:40 UTC | Type | --- |
| Regression | --- | Mount Type | --- |
| Documentation | --- | CRM | |
| Verified Versions | | Category | --- |
| oVirt Team | --- | RHEL 7.3 requirements from Atomic Host | |
| Cloudforms Team | --- | Target Upstream Version | |
| Embargoed | | | |
| Bug Depends On | 1847947 | | |
| Bug Blocks | 1847831 | | |
Description
Borja Tarraso
2020-06-17 08:01:49 UTC
Statement:

* Ansible Tower 3.7.0 is affected.

Mitigation: Setting manual permissions for the rsyslog.conf file to 0640 would mitigate the issue temporarily. However, be aware that every time the Tower services are restarted, the permissions are restored to 644 after some time.

This issue has been addressed in the following products:

Red Hat Ansible Tower 3.7 for RHEL 7
Via RHSA-2020:2617 https://access.redhat.com/errata/RHSA-2020:2617

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2020-10782

Comment #8:

It may be helpful to update the Doc Text for this bug to reference "service provisioning tokens" or similar rather than "Splunk tokens", as this is a bug in Ansible Tower, not Splunk. Splunk users may be unnecessarily alarmed by the current Doc Text, particularly if they are not also Ansible Tower users.

In reply to comment #8:

> It may be helpful to update the Doc Text for this bug to reference "service
> provisioning tokens" or similar rather than "Splunk tokens", as this is a
> bug in Ansible Tower, not Splunk. Splunk users may be unnecessarily alarmed
> by the current Doc Text, particularly if they are not also Ansible Tower
> users.

Hi Brandon,

You are right, the statement may lead to some unnecessary confusion. The intention was to give end customers a possible threat of this flaw, by giving a specific example to them. I updated the doc-text to be more generic, so there is no room for a doubt.

Many thanks for your suggestion, it is really appreciated.

Borja Tarraso
Red Hat Product Security

Thanks very much, Borja!
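A permission audit and hardening check for the mitigation described in the Statement, written as an added example for this page (it is not Ansible Tower's or Red Hat's code). It assumes a caller-supplied config path, the 0640 target mode named in the mitigation, and a heuristic regular expression for token-like lines; the sample config it writes is constructed for the example and is not the file Tower generates.

```python
"""Audit and harden permissions on an rsyslog configuration file (CVE-2020-10782).

Added example, not Ansible Tower's or Red Hat's code. Assumptions (mine):
the config path is supplied by the caller, 0640 is the target mode from the
bug's mitigation, and SECRET_RE is a heuristic for credential-like lines,
not a Tower-specific format.
"""
import os
import re
import stat
import tempfile

TARGET_MODE = 0o640  # mitigation mode: owner rw, group r, other none

# Heuristic (assumption): a credential keyword followed by '=' or ':' and a value.
SECRET_RE = re.compile(r"(?i)\b(token|authorization|password|secret)\b\s*[=:]\s*\S")


def file_mode(path):
    """Return only the permission bits of path (e.g. 0o644)."""
    return stat.S_IMODE(os.stat(path).st_mode)


def is_world_readable(path):
    """True when 'other' has read permission on path."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)


def secret_lines(path):
    """1-based line numbers of lines matching the credential heuristic."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return [n for n, line in enumerate(fh, 1) if SECRET_RE.search(line)]


def audit(path):
    """Return a finding dict; 'exposed' is True when secret lines are world-readable."""
    hits = secret_lines(path)
    world_readable = is_world_readable(path)
    return {
        "path": path,
        "mode": oct(file_mode(path)),
        "world_readable": world_readable,
        "secret_lines": hits,
        "exposed": world_readable and bool(hits),
    }


def harden(path, mode=TARGET_MODE):
    """Apply the mitigation mode and re-check; return the resulting permission bits.

    The re-check matters because, per the bug, a Tower service restart can
    put the file back to 644 after some time.
    """
    os.chmod(path, mode)
    new_mode = file_mode(path)
    if new_mode & stat.S_IROTH:
        raise RuntimeError(f"{path} still world-readable after chmod: {oct(new_mode)}")
    return new_mode


def make_sample_config(directory):
    """Write a constructed rsyslog-style config with a token-like line at mode 0644.

    The content is made up for this example; it is not what Tower generates.
    """
    path = os.path.join(directory, "rsyslog.conf")
    with open(path, "w", encoding="utf-8") as fh:
        fh.write("# constructed sample, not a real Tower config\n")
        fh.write('module(load="imuxsock")\n')
        fh.write("# hypothetical line carrying a service-provisioning token\n")
        fh.write('token="00000000-0000-0000-0000-000000000000"\n')
    os.chmod(path, 0o644)  # the world-readable mode the bug describes
    return path


def demo():
    """Run the audit/harden cycle on the constructed sample; return before/after findings."""
    workdir = tempfile.mkdtemp(prefix="cve-2020-10782-")
    path = make_sample_config(workdir)
    before = audit(path)
    harden(path)
    after = audit(path)
    return {"before": before, "after": after}


if __name__ == "__main__":
    result = demo()
    for stage in ("before", "after"):
        finding = result[stage]
        print(f"{stage}: mode={finding['mode']} world_readable={finding['world_readable']} "
              f"secret_lines={finding['secret_lines']} exposed={finding['exposed']}")
```

Because a Tower restart can restore 644, run `audit` on the real config path after every service restart (for example from a cron job or a post-restart hook) rather than relying on a single chmod; upgrading to the fixed release named in the errata removes the need for the workaround.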