CVE-2020-10685

moderate-risk

Published 2020-05-11

A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the s ts unencrypted. On Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decryp emains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted ble.

Do I need to act?

0.19% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.0/10 Medium

LOCAL / LOW complexity

Affected Products (9)

Ansible Engine

Ansible Tower

Ceph Storage

Openstack

Storage

Debian Linux

Affected Vendors

Debian Redhat

References (8)

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10685

Patch https://github.com/ansible/ansible/pull/68433

Third Party Advisory https://security.gentoo.org/glsa/202006-11

Third Party Advisory https://www.debian.org/security/2021/dsa-4950

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10685

Patch https://github.com/ansible/ansible/pull/68433

Third Party Advisory https://security.gentoo.org/glsa/202006-11

Third Party Advisory https://www.debian.org/security/2021/dsa-4950

/ 100

moderate-risk

Severity 17/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 15/34 · Moderate