{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20203006",
"Version": "oval:org.altlinux.errata:def:20203006",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2020-3006: package `ansible` update to version 2.9.13-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p9"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2020-3006",
"RefURL": "https://errata.altlinux.org/ALT-PU-2020-3006",
"Source": "ALTPU"
},
{
"RefID": "BDU:2020-02164",
"RefURL": "https://bdu.fstec.ru/vul/2020-02164",
"Source": "BDU"
},
{
"RefID": "BDU:2020-02201",
"RefURL": "https://bdu.fstec.ru/vul/2020-02201",
"Source": "BDU"
},
{
"RefID": "BDU:2022-00266",
"RefURL": "https://bdu.fstec.ru/vul/2022-00266",
"Source": "BDU"
},
{
"RefID": "BDU:2022-00279",
"RefURL": "https://bdu.fstec.ru/vul/2022-00279",
"Source": "BDU"
},
{
"RefID": "BDU:2022-00280",
"RefURL": "https://bdu.fstec.ru/vul/2022-00280",
"Source": "BDU"
},
{
"RefID": "BDU:2022-00281",
"RefURL": "https://bdu.fstec.ru/vul/2022-00281",
"Source": "BDU"
},
{
"RefID": "CVE-2019-10156",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-10156",
"Source": "CVE"
},
{
"RefID": "CVE-2019-10206",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-10206",
"Source": "CVE"
},
{
"RefID": "CVE-2019-14846",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-14846",
"Source": "CVE"
},
{
"RefID": "CVE-2019-14858",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-14858",
"Source": "CVE"
},
{
"RefID": "CVE-2020-10691",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-10691",
"Source": "CVE"
},
{
"RefID": "CVE-2020-10744",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-10744",
"Source": "CVE"
},
{
"RefID": "CVE-2020-14330",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-14330",
"Source": "CVE"
},
{
"RefID": "CVE-2020-14332",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-14332",
"Source": "CVE"
},
{
"RefID": "CVE-2020-14365",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-14365",
"Source": "CVE"
},
{
"RefID": "CVE-2020-1736",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-1736",
"Source": "CVE"
}
],
"Description": "This update upgrades ansible to version 2.9.13-alt1. \nSecurity Fix(es):\n\n * BDU:2020-02164: Уязвимость системы управления конфигурациями Ansible, связана с раскрытием информации через регистрационные файлы, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации\n\n * BDU:2020-02201: Уязвимость системы управления конфигурациями Ansible, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации\n\n * BDU:2022-00266: Уязвимость системы управления конфигурациями ansible, связанная с раскрытием информации, позволяющая нарушителю получить доступ к конфиденциальным данным и нарушить их целостность\n\n * BDU:2022-00279: Уязвимость модуля URI системы управления конфигурациями Ansible, связанная с недостатком механизма кодирование или экранирование выходных данных, позволяющая нарушителю получить доступ к конфиденциальным данным\n\n * BDU:2022-00280: Уязвимость системы управления конфигурациями Ansible, связанная с неправильной обработкой выходных данных для журналов регистрации, позволяющая нарушителю получить доступ к конфиденциальным данным\n\n * BDU:2022-00281: Уязвимость модуля dnf системы управления конфигурациями Ansible, связанная с некорректным подтверждением криптографической подписи данных, позволяющая нарушителю нарушить целостность данных, а также вызвать отказ в обслуживании\n\n * CVE-2019-10156: A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed.\n\n * CVE-2019-10206: ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. 
Passwords should be wrapped to prevent templates trigger and exposing them.\n\n * CVE-2019-14846: In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.\n\n * CVE-2019-14858: A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name to the module will cause the task to fail before the no_log options in the sub parameters are processed. As a result, data in the sub parameter fields will not be masked and will be displayed if Ansible is run with increased verbosity and present in the module invocation arguments for the task.\n\n * CVE-2020-10691: An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, whe
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2020-10-10"
},
"Updated": {
"Date": "2020-10-10"
},
"BDUs": [
{
"ID": "BDU:2020-02164",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-117, CWE-532",
"Href": "https://bdu.fstec.ru/vul/2020-02164",
"Impact": "Low",
"Public": "20191011"
},
{
"ID": "BDU:2020-02201",
"CVSS": "AV:N/AC:L/Au:S/C:C/I:N/A:N",
"CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2020-02201",
"Impact": "Low",
"Public": "20190723"
},
{
"ID": "BDU:2022-00266",
"CVSS": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"CWE": "CWE-200",
"Href": "https://bdu.fstec.ru/vul/2022-00266",
"Impact": "Low",
"Public": "20190606"
},
{
"ID": "BDU:2022-00279",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-116",
"Href": "https://bdu.fstec.ru/vul/2022-00279",
"Impact": "Low",
"Public": "20200911"
},
{
"ID": "BDU:2022-00280",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-117",
"Href": "https://bdu.fstec.ru/vul/2022-00280",
"Impact": "Low",
"Public": "20200801"
},
{
"ID": "BDU:2022-00281",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"CWE": "CWE-347",
"Href": "https://bdu.fstec.ru/vul/2022-00281",
"Impact": "High",
"Public": "20200923"
}
],
"CVEs": [
{
"ID": "CVE-2019-10156",
"CVSS": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-10156",
"Impact": "Low",
"Public": "20190730"
},
{
"ID": "CVE-2019-10206",
"CVSS": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-522",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-10206",
"Impact": "Low",
"Public": "20191122"
},
{
"ID": "CVE-2019-14846",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-14846",
"Impact": "High",
"Public": "20191008"
},
{
"ID": "CVE-2019-14858",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-532",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-14858",
"Impact": "Low",
"Public": "20191014"
},
{
"ID": "CVE-2020-10691",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L",
"CWE": "CWE-22",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-10691",
"Impact": "Low",
"Public": "20200430"
},
{
"ID": "CVE-2020-10744",
"CVSS": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"CWE": "CWE-362",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-10744",
"Impact": "Low",
"Public": "20200515"
},
{
"ID": "CVE-2020-14330",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-532",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-14330",
"Impact": "Low",
"Public": "20200911"
},
{
"ID": "CVE-2020-14332",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-14332",
"Impact": "Low",
"Public": "20200911"
},
{
"ID": "CVE-2020-14365",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-14365",
"Impact": "High",
"Public": "20200923"
},
{
"ID": "CVE-2020-1736",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"CWE": "CWE-732",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-1736",
"Impact": "Low",
"Public": "20200316"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:9",
"cpe:/o:alt:workstation:9",
"cpe:/o:alt:server:9",
"cpe:/o:alt:server-v:9",
"cpe:/o:alt:education:9",
"cpe:/o:alt:slinux:9",
"cpe:/o:alt:starterkit:p9"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:1001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20203006001",
"Comment": "ansible is earlier than 0:2.9.13-alt1"
}
]
}
]
}
}
]
}