1880274 – (CVE-2020-25636) CVE-2020-25636 Collections: aws_ssm connection plugin should namespace its file transfers

Bug 1880274 (CVE-2020-25636) - CVE-2020-25636 Collections: aws_ssm connection plugin should namespace its file transfers

Summary: CVE-2020-25636 Collections: aws_ssm connection plugin should namespace its fi...

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2020-25636
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1875993
TreeView+	depends on / blocked

Reported:	2020-09-18 07:28 UTC by Borja Tarraso
Modified:	2021-02-09 20:28 UTC (History)
CC List:	0 users
Fixed In Version:	aws_ssm 1.3.0
Doc Type:	---
Doc Text:	A flaw was found in Ansible Base when using the aws_ssm connection plugin, as there is not a namespace separation for file transfers. Files are written directly to the root bucket, making it possible to have collisions when running multiple Ansible processes. The highest threat from this vulnerability is to integrity and system availability.
Clone Of:
Environment:
Last Closed:	2020-09-24 08:41:12 UTC
Embargoed:

Attachments	(Terms of Use)

Description Borja Tarraso 2020-09-18 07:28:46 UTC

The aws_ssm connection plugin uses an s3 buckets to transfer files to instances. It writes these files directly to the root of the bucket. If multiple ansible processes are running and sharing the same bucket at the same time, collisions could happen.

Comment 1 Borja Tarraso 2020-09-18 07:28:50 UTC

Acknowledgments:

Name: Abel Luck (The Guardian Project)

Comment 2 Borja Tarraso 2020-09-18 07:28:52 UTC

External References:

https://github.com/ansible-collections/community.aws/issues/221

Comment 3 Borja Tarraso 2020-09-18 07:28:54 UTC

Mitigation:

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Comment 7 Borja Tarraso 2020-09-23 06:23:18 UTC

Upstream fix: https://github.com/ansible-collections/community.aws/pull/237

Comment 8 Product Security DevOps Team 2020-09-24 08:41:12 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-25636

Comment 10 RaTasha Tillery-Smith 2021-02-09 20:28:50 UTC

Statement:

Ansible collection aws_ssm connection community plugin 1.2.1 and previous versions until 1.0.0 when it was introduced to this plugin are affected versions by this flaw.

Note You need to log in before you can comment on or make changes to this bug.