CVE-2020-10697

Name of the Vulnerable Software and Affected Versions Ansible Tower versions prior to 3.6.4 Ansible Tower versions prior to 3.5.6 Ansible Tower versions prior to 3.4.6

Description A flaw was found in Ansible Tower when running Openshift, where Tower runs a memcached accessed via TCP. An attacker can exploit this by writing a playbook that pollutes the cache, causing a denial of service attack. This attack can reduce Tower performance, as memcached is designed for this purpose. More sophisticated attacks can be performed by manipulating the cache, as Tower relies on memcached for setting values. Confidential data stored in memcached is encrypted and should not be pulled.

Recommendations For versions prior to 3.6.4, update to version 3.6.4 or later to resolve the issue. For versions prior to 3.5.6, update to version 3.5.6 or later to resolve the issue. For versions prior to 3.4.6, update to version 3.4.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the memcached to minimize the risk of exploitation.