Samdoran

**Name of the Vulnerable Software and Affected Versions** Ansible Engine versions 2.7.x through 2.9.x **Description** A flaw was found in Ansible Engine when a file is moved using the atomic move primitive, as the file mode cannot be specified. This sets the destination file's world-readable if the destination file does not exist, and if the file exists, the file could be changed to have less restrictive permissions before the move. This could lead to the disclosure of sensitive data. **Recommendations** For versions 2.7.x, 2.8.x, and 2.9.x, consider restricting file permissions to minimize the risk of sensitive data disclosure until a patch is available. As a temporary workaround, consider implementing additional access controls to sensitive files to prevent unauthorized access.

**Name of the Vulnerable Software and Affected Versions** Ansible Engine versions 2.7.x through 2.9.x **Description** A flaw was found in the Ansible Engine when the fetch module is used, allowing an attacker to intercept the module, inject a new path, and choose a new destination path on the controller node. The vulnerability is related to insufficient path name restrictions in the fetch module, which could allow an attacker to access and compromise confidential data. **Recommendations** For versions 2.7.x, 2.8.x, and 2.9.x, consider disabling the fetch module until a patch is available to prevent exploitation. Restrict access to the controller node to minimize the risk of an attacker choosing a new destination path. Avoid using the fetch module in sensitive environments until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ansible Engine versions 2.7.x through 2.9.x **Description** A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the `write data` method is called to write the existing secret in the file. This method will delete the file before recreating it insecurely. **Recommendations** For versions 2.7.x, 2.8.x, and 2.9.x, consider disabling the `write data` method until a patch is available to prevent insecure file recreation. Restrict access to the temporary files created by Ansible Vault to minimize the risk of exploitation. Avoid using the `ansible-vault edit` command until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ansible versions 2.7.16 and prior Ansible versions 2.8.8 and prior Ansible versions 2.9.5 and prior **Description** A flaw was found in Ansible when a password is set with the argument `password` of the svn module, it is used on the svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs. The vulnerability is related to information disclosure and could allow an attacker to access confidential data and compromise its integrity. **Recommendations** For Ansible versions 2.7.16 and prior, consider disabling the `password` argument of the svn module until a patch is available. For Ansible versions 2.8.8 and prior, restrict access to the svn module to minimize the risk of exploitation. For Ansible versions 2.9.5 and prior, avoid using the `password` argument in the svn module until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ansible Engine versions 2.7.x through 2.9.x **Description** A flaw was found in Ansible Engine when the module package or service is used and the parameter `use` is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. **Recommendations** For versions 2.7.x, 2.8.x, and 2.9.x, consider specifying the `use` parameter when using the module package or service to prevent exploitation. As a temporary workaround, restrict access to the ansible facts file to minimize the risk of exploitation. Avoid using the module package or service with untrusted users until a fix is available.

**Name of the Vulnerable Software and Affected Versions** Ansible Engine versions 2.7.17 and prior Ansible Engine versions 2.8.9 and prior Ansible Engine versions 2.9.6 and prior **Description** The issue is related to a race condition flaw in Ansible Engine when running a playbook with an unprivileged become user. This flaw can be exploited to gain access to confidential data, compromise data integrity, and cause a denial of service. The vulnerability is associated with insecure temporary files created in /var/tmp. An attacker could exploit this by taking control of the become user, as the target directory can be retrieved by iterating '/proc/<pid>/cmdline'. **Recommendations** For Ansible Engine versions 2.7.17 and prior, update to a version that includes the fix for this issue. For Ansible Engine versions 2.8.9 and prior, update to a version that includes the fix for this issue. For Ansible Engine versions 2.9.6 and prior, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the temporary directory in /var/tmp to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Ansible versions 2.7.17 and prior Ansible versions 2.8.9 and prior Ansible versions 2.9.6 and prior **Description** A flaw was found in Ansible when using the Extract-Zip function from the win unzip module. The extracted file(s) are not checked if they belong to the destination folder, allowing an attacker to craft an archive anywhere in the file system using a path traversal. This issue may impact the confidentiality, integrity, and availability of protected information. **Recommendations** For Ansible versions 2.7.17 and prior, update to version 2.10 or later. For Ansible versions 2.8.9 and prior, update to version 2.10 or later. For Ansible versions 2.9.6 and prior, update to version 2.10 or later. As a temporary workaround, consider restricting the use of the win unzip module until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Ansible (affected versions not specified) **Description** The issue is related to the pipe lookup plugin of Ansible, where arbitrary commands can be run when the plugin uses `subprocess.Popen()` with `shell=True` by overwriting Ansible facts. The variable is not escaped by the quote plugin, allowing an attacker to take advantage and run arbitrary commands by overwriting the Ansible facts. This could potentially allow a perpetrator to elevate their privileges and execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.