Bug 1818445 (CVE-2020-10697) - CVE-2020-10697 Tower: memcached deployment is insecure on OpenShift
Summary: CVE-2020-10697 Tower: memcached deployment is insecure on OpenShift
Keywords:
Status: NEW
Alias: CVE-2020-10697
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 1818543 1818544 1818545
Blocks: 1818441
TreeView+ depends on / blocked
 
Reported: 2020-03-28 07:22 UTC by Borja Tarraso
Modified: 2023-07-07 08:31 UTC (History)
4 users (show)

Fixed In Version: ansible_tower 3.6.4, ansible_tower 3.5.6, ansible_tower 3.4.6
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in Ansible Tower when running Openshift. Tower runs a memcached, which is accessed via TCP. An attacker can take advantage of writing a playbook polluting this cache, causing a denial of service attack. This attack would not completely stop the service, but in the worst-case scenario, it can reduce the Tower performance, for which memcached is designed. Theoretically, more sophisticated attacks can be performed by manipulating and crafting the cache, as Tower relies on memcached as a place to pull out setting values. Confidential and sensitive data stored in memcached should not be pulled, as this information is encrypted.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description Borja Tarraso 2020-03-28 07:22:58 UTC 
Tower executes a memcached which is accessed via TCP on a domain socket that it is shared amongst containers on Openshift. Making OpenShift memcached deployment insecure.
Comment 1 Borja Tarraso 2020-03-28 07:23:01 UTC 
Statement:

Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected when using it in OpenShift.
Comment 4 Borja Tarraso 2020-03-29 06:36:54 UTC 
Acknowledgments:

Name: Ryan Petrello (Red Hat), Shane McDonald (Red Hat)
Comment 6 Borja Tarraso 2020-03-31 14:33:15 UTC 
Mitigation:

Currently, there is no mitigation for this issue.
Note You need to log in before you can comment on or make changes to this bug.