Borja Tarraso

**Name of the Vulnerable Software and Affected Versions** grc-policy-propagator (affected versions not specified) **Description** The issue allows security escalation within the cluster. It is related to policies that contain dynamically obtained values, which can take advantage of cluster scoped access in a created policy. This feature does not properly restrict lookup content to the namespace where the policy was created. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RHDS versions 11 through 12 **Description** A flaw was found in RHDS where LDAP tries to decode the `userPassword` attribute instead of the `userCertificate` attribute, potentially leading to sensitive information leakage. An attacker with a local account where the `cockpit-389-ds` is running can list processes and display hashed passwords, posing the highest threat to data confidentiality. **Recommendations** For RHDS versions 11 and 12, consider restricting access to the `cockpit-389-ds` component and limiting the ability to list processes and display hashed passwords until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** e2fsprogs version 1.46.5 **Description** The issue is related to an out-of-bounds read/write in the e2fsprogs utility set, which can lead to a segmentation fault and possibly allow an attacker to execute arbitrary code via a specially crafted filesystem. **Recommendations** For e2fsprogs version 1.46.5, update to a newer version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ansible Tower versions prior to 3.7.2 **Description** A Server Side Request Forgery flaw can be abused by supplying a URL, which could lead to the server processing it and connecting to internal services or exposing additional internal services. In case of an error, this could result in retrieving full details, posing the highest threat to data confidentiality. **Recommendations** For versions prior to 3.7.2, update to version 3.7.2 or later to resolve the issue. As a temporary workaround, consider restricting access to internal services and limiting the ability to supply URLs that could be used to exploit the Server Side Request Forgery flaw.

**Name of the Vulnerable Software and Affected Versions** Ansible Tower versions prior to 3.6.4 Ansible Tower versions prior to 3.5.6 **Description** A security flaw was found in Ansible Tower when requesting an OAuth2 token with an OAuth2 application. Ansible Tower uses the token to provide authentication. This flaw allows an attacker to obtain a refresh token that does not expire. The original token granted to the user still has access to Ansible Tower, which allows any user that can gain access to the token to be fully authenticated to Ansible Tower. **Recommendations** For Ansible Tower versions prior to 3.6.4, update to version 3.6.4 or later. For Ansible Tower versions prior to 3.5.6, update to version 3.5.6 or later. As a temporary workaround, consider restricting access to OAuth2 tokens to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Ansible versions prior to 2.9.18 **Description** A flaw was found in Ansible where credentials, such as secrets, are disclosed in the console log by default and not protected by the `no log` feature when using certain modules. This allows an attacker to steal those credentials, posing the highest threat to data confidentiality. **Recommendations** For versions prior to 2.9.18, update to version 2.9.18 or later to resolve the issue. As a temporary workaround, consider disabling the use of modules that disclose credentials in the console log until a patch is available. Restrict access to the console log to minimize the risk of exploitation. Avoid using sensitive credentials in modules that are not protected by the `no log` feature until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Ansible Engine versions prior to 2.9.6 **Description** A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords are exposed at once for the file. This issue may allow an attacker to gain access to confidential data. **Recommendations** For Ansible Engine versions prior to 2.9.6, update to version 2.9.6 or later to resolve the issue. As a temporary workaround, consider disabling the template caching action for sensitive files until a patch is available. Restrict access to confidential data to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Tower (affected versions not specified) **Description** A data exposure flaw was found, allowing an unauthenticated, remote attacker to retrieve pages from the default organization and verify existing usernames, thus threatening data confidentiality. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ansible version 3.7.0 Ansible Tower versions prior to 3.7.1 **Description** A flaw in the rsyslog configuration file was found, causing sensitive information such as tokens and secrets to be exposed due to incorrect world-readable permissions. This issue poses a significant threat to confidentiality. **Recommendations** For Ansible version 3.7.0, update to version 3.7.1 to resolve the issue. For Ansible Tower versions prior to 3.7.1, update to version 3.7.1 or later to fix the problem.

**Name of the Vulnerable Software and Affected Versions** Ansible Tower versions 3.6.x before 3.6.2 **Description** A flaw was found in Ansible Tower where files in '/var/backup/tower' are left world-readable. These files include both the `SECRET KEY` and the database backup. Any user with access to the Tower server, and knowledge of when a backup is run, could retrieve every credential stored in Tower. Access to data is the highest threat with this issue. **Recommendations** For Ansible Tower versions 3.6.x before 3.6.2, update to version 3.6.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the '/var/backup/tower' directory to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Ansible Tower versions 3.5.x through 3.5.2 Ansible Tower versions 3.6.x through 3.6.1 **Description** A flaw was found in Ansible Tower where enabling RabbitMQ manager by setting it with '-e rabbitmq enable manager=true' exposes the RabbitMQ management interface publicly. If the default admin user is still active, an attacker could guess the password and gain access to the system. **Recommendations** For versions 3.5.x through 3.5.2, update to version 3.5.3 or later to resolve the issue. For versions 3.6.x through 3.6.1, update to version 3.6.2 or later to resolve the issue. As a temporary workaround, consider disabling the RabbitMQ manager by setting '-e rabbitmq enable manager=false' to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Ansible versions 2.6.x through 2.6.18 Ansible versions 2.7.x through 2.7.12 Ansible versions 2.8.x through 2.8.3 **Description** The issue is related to insufficient input validation in the Ansible configuration management system. This could allow a remote attacker to gain unauthorized access to protected information. The problem arises when using `ansible-playbook -k` and Ansible CLI tools, where passwords are expanded from templates and may contain special characters, potentially triggering template execution and exposing the passwords. **Recommendations** For Ansible versions 2.6.x through 2.6.18, update to version 2.6.19 or later. For Ansible versions 2.7.x through 2.7.12, update to version 2.7.13 or later. For Ansible versions 2.8.x through 2.8.3, update to version 2.8.4 or later.

**Name of the Vulnerable Software and Affected Versions** Ansible Tower versions prior to 3.3.3 **Description** The issue is related to the insecure configuration channel settings for messaging celery workers from RabbitMQ, which could lead to a data leak of sensitive information such as passwords and denial of service attacks by deleting projects or inventory files. **Recommendations** For Ansible Tower versions prior to 3.3.3, update to version 3.3.3 or later to resolve the issue. As a temporary workaround, consider configuring a secure channel for messaging celery workers from RabbitMQ to minimize the risk of exploitation. Restrict access to sensitive information and projects to prevent potential data leaks and denial of service attacks.

**Name of the Vulnerable Software and Affected Versions** Ansible (affected versions not specified) **Description** The issue is related to the Ansible "User" module, which leaks data passed as parameters to ssh-keygen. This could lead to undesirable situations where sensitive information, such as passphrases or credentials, is exposed in clear text to users with access to the process list. An attacker could exploit this to gain unauthorized access to confidential user information by accessing the process list. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.