SB2024050721 - SUSE update for SUSE Manager Client Tools 
Published: May 7, 2024

Security Bulletin ID: SB2024050721
Severity: High
Patch available: YES
Number of vulnerabilities: 15
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 7%, Medium: 27%, Low: 67%

Description

This security bulletin contains information about 15 security vulnerabilities.


1) Key management errors (CVE-ID: CVE-2016-8614)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing a remote adversary to create an OpenPGP key that matches the short key ID and inject this key instead of the correct key.


2) Command Injection (CVE-ID: CVE-2016-8628)

The vulnerability allows a remote privileged user to execute arbitrary code.

Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as.


3) Improper input validation (CVE-ID: CVE-2016-8647)

The vulnerability allows an adjacent attacker to bypass security restrictions on the target system.

The weakness exists due to an input validation error in Ansible's mysql_user module that may cause a password change to be applied incorrectly. An adjacent attacker can authenticate with the previous password and bypass security restrictions.

Successful exploitation of the vulnerability may result in access to the system.

4) Improper input validation (CVE-ID: CVE-2017-7466)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation when processing responses sent by clients to the Ansible server. A remote client can send a specially crafted response and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


5) Information disclosure through log files (CVE-ID: CVE-2017-7550)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to improper passing of certain parameters to the jenkins_plugin module. A remote attacker can gain access to potentially sensitive information from a remote host's logs.


6) Privilege escalation (CVE-ID: CVE-2018-10874)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists because the system reads the 'ansible.cfg' file from the current working directory when running an ad-hoc command. A local attacker can modify the file to reference arbitrary plugin or module paths and execute arbitrary code from those paths with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


7) Race condition (CVE-ID: CVE-2020-10744)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an incomplete fix for the race condition described in SB2020032420 #8 (CVE-2020-1733) on systems using ACLs and FUSE filesystems. A local user can exploit the race and escalate privileges on the system.


8) Input validation error (CVE-ID: CVE-2020-14330)

The vulnerability allows a local authenticated user to gain access to sensitive information.

An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed in the content and json output. This flaw allows an attacker with access to the logs or outputs of performed tasks to read keys used in playbooks by other users within the uri module. The highest threat from this vulnerability is to data confidentiality.


9) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2020-14332)

The vulnerability allows a local authenticated user to gain access to sensitive information.

A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality.


10) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2020-14365)

The vulnerability allows a local authenticated user to execute arbitrary code on the target system.

A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code executed via package installation scripts. The highest threat from this vulnerability is to integrity and system availability.


11) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2020-1753)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists because the software stores sensitive information in log files when managing Kubernetes using the k8s connection plugin. A local user can read the log files and gain access to sensitive data.


12) Code Injection (CVE-ID: CVE-2023-5764)

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation when handling templates. A remote user can remove the unsafe designation from template data and execute arbitrary code on the system.


13) Incorrect authorization (CVE-ID: CVE-2023-6152)

The vulnerability allows a remote attacker to bypass email verification.

The vulnerability exists because email addresses are verified only during sign-up, and only if the "verify_email_enabled" option is set. A remote attacker can register an account and then set an arbitrary email address without verification.


14) Memory leak (CVE-ID: CVE-2024-0690)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a memory leak caused by a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. A local user can gain access to potentially sensitive information.


15) Improper Authorization (CVE-ID: CVE-2024-1313)

The vulnerability allows a remote attacker to bypass authorization.

The vulnerability exists due to improper authorization checks. A remote user outside an organization can send a DELETE request to /api/snapshots/ using its view key to bypass authorization and delete a snapshot.


Remediation

Install the update from the vendor's website.