Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-14365

Опубликовано: 23 сент. 2020
Источник: nvd
CVSS3: 7.1
CVSS2: 6.6
EPSS Низкий

Описание

A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code executed via package installation scripts. The highest threat from this vulnerability is to integrity and system availability.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:redhat:ansible_engine:*:*:*:*:*:*:*:*
Версия от 2.8.0 (включая) до 2.8.15 (включая)
cpe:2.3:a:redhat:ansible_engine:*:*:*:*:*:*:*:*
Версия от 2.9.0 (включая) до 2.9.13 (включая)
cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*
Версия от 3.6.0 (включая) до 3.6.5 (включая)
cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*
Версия от 3.7.0 (включая) до 3.7.2 (включая)
cpe:2.3:a:redhat:ansible_tower:3.0:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:redhat:ceph_storage:2.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ceph_storage:3.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack_platform:10.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack_platform:13.0:*:*:*:*:*:*:*
Конфигурация 3
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

EPSS

Процентиль: 22%
0.0007
Низкий

7.1 High

CVSS3

6.6 Medium

CVSS2

Дефекты

CWE-347
CWE-347

Связанные уязвимости

ubuntu логотип

CVE-2020-14365

CVSS3: 7.1
ubuntu
больше 5 лет назад

A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code executed via package installation scripts. The highest threat from this vulnerability is to integrity and system availability.

redhat логотип

CVE-2020-14365

CVSS3: 6.3
redhat
больше 5 лет назад

A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code executed via package installation scripts. The highest threat from this vulnerability is to integrity and system availability.

debian логотип

CVE-2020-14365

CVSS3: 7.1
debian
больше 5 лет назад

A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before ...

github логотип

GHSA-m429-fhmv-c6q2

CVSS3: 7.1
github
почти 5 лет назад

Improper Verification of Cryptographic Signature in ansible

fstec логотип

BDU:2022-00281

CVSS3: 7.1
fstec
больше 5 лет назад

Уязвимость модуля dnf системы управления конфигурациями Ansible, связанная с некорректным подтверждением криптографической подписи данных, позволяющая нарушителю нарушить целостность данных, а также вызвать отказ в обслуживании

EPSS

Процентиль: 22%
0.0007
Низкий

7.1 High

CVSS3

6.6 Medium

CVSS2

Дефекты

CWE-347
CWE-347