PT-2021-9170 · Red Hat · Ansible Tower
Borja Tarraso · Published 2021-05-27 · Updated 2022-10-21 · CVE-2020-10709
CVSS v3.1: 7.1 (High)
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Ansible Tower versions prior to 3.6.4
Ansible Tower versions prior to 3.5.6
Description
A security flaw was found in Ansible Tower when requesting an OAuth2 token with an OAuth2 application. Ansible Tower uses the token to provide authentication. This flaw allows an attacker to obtain a refresh token that does not expire. The original token granted to the user still has access to Ansible Tower, which allows any user that can gain access to the token to be fully authenticated to Ansible Tower.
Recommendations
For Ansible Tower versions prior to 3.6.4, update to version 3.6.4 or later.
For Ansible Tower versions prior to 3.5.6, update to version 3.5.6 or later.
As a temporary workaround, consider restricting access to OAuth2 tokens to minimize the risk of exploitation.
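To gauge exposure while the upgrade is scheduled, the following audit script is an added example (not Red Hat's or Ansible's own code): it walks a list of token records and flags any with no expiry, and any application-issued token whose refresh token is older than a policy window, so those tokens can be revoked. The record field names (`id`, `user`, `application`, `created`, `expires`, `refresh_token`) are assumed to match a Tower token listing and the sample records are constructed.

```python
"""Audit Ansible Tower OAuth2 token records for missing or stale expiry."""
from datetime import datetime, timedelta, timezone

# Constructed sample records; field names are assumed, not taken from Tower output.
SAMPLE_TOKENS = [
    # Personal access token (no application): no refresh token is involved.
    {"id": 1, "user": 3, "application": None, "created": "2021-05-01T08:00:00Z",
     "expires": "2021-05-01T09:00:00Z", "refresh_token": None},
    # Application token issued months ago; its refresh token may still be usable.
    {"id": 2, "user": 3, "application": 7, "created": "2020-11-15T12:00:00Z",
     "expires": "2020-11-15T13:00:00Z", "refresh_token": "<redacted>"},
    # Token with no expiry recorded at all.
    {"id": 3, "user": 5, "application": 7, "created": "2021-05-20T10:00:00Z",
     "expires": None, "refresh_token": "<redacted>"},
    # Recent application token, inside the policy window.
    {"id": 4, "user": 5, "application": 7, "created": "2021-05-26T10:00:00Z",
     "expires": "2021-05-26T11:00:00Z", "refresh_token": "<redacted>"},
]

# Fixed reference date so the audit is reproducible offline.
AUDIT_DATE = datetime(2021, 5, 27, tzinfo=timezone.utc)


def _parse(ts):
    """Parse an ISO-8601 UTC timestamp of the form YYYY-MM-DDTHH:MM:SSZ."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def audit_tokens(tokens, now, max_refresh_age=timedelta(days=30)):
    """Return (token id, reason) pairs for tokens that should be revoked."""
    findings = []
    for tok in tokens:
        if tok.get("expires") is None:
            findings.append((tok["id"], "no expiry set"))
            continue
        # Only application-issued tokens carry a refresh token; a refresh token
        # that never expires keeps minting access tokens, so bound its age.
        if tok.get("application") is not None and tok.get("refresh_token"):
            if now - _parse(tok["created"]) > max_refresh_age:
                findings.append(
                    (tok["id"], f"refresh token older than {max_refresh_age.days} days"))
    return findings


if __name__ == "__main__":
    for tid, reason in audit_tokens(SAMPLE_TOKENS, AUDIT_DATE):
        print(f"token {tid}: {reason}")
```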
Fix
Improper Authentication
Insufficient Session Expiration
Related Identifiers
Affected Products
Ansible Tower