CVE-2020-10744
Race Condition vulnerability in ansible (PyPI)

Race Condition No known exploit

What is CVE-2020-10744 About?

An incomplete fix for CVE-2020-1733 in Ansible Engine and Tower results in a race condition due to insecure temporary directories, especially on systems using ACLs and FUSE filesystems. This can lead to unauthorized access or privilege escalation. Exploiting this vulnerability requires specific system configurations and timing, making it moderately complex.

Affected Software

  • ansible
    • <2.9.12
    • >=2.10.0a1, <2.10.0rc1
    • >=2.7.0, <2.8.0a1

Technical Details

This vulnerability is an incomplete fix for CVE-2020-1733, which addressed insecure temporary directories created when become_user is used with the become directive in Ansible. The initial fix is insufficient to mitigate a race condition, particularly on systems that employ Access Control Lists (ACLs) and FUSE filesystems. In such environments, an attacker can exploit the time window between the creation of a temporary directory and its secure setup. During this window, or if permissions are not correctly enforced on creation or use with ACLs/FUSE, an attacker could either gain unauthorized access to the temporary directory's contents or potentially inject malicious files, leading to privilege escalation or arbitrary code execution within the context of the become_user.
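The window between directory creation and secure setup described above, shown as an added illustration that is not Ansible's code and not part of the original advisory: a create-then-chmod sequence beside atomic creation with a restrictive mode, plus a defender-side check of an existing directory. All function names and the example-tmp- prefix are assumptions made for this example.

```python
import os
import stat
import tempfile


def create_then_restrict(parent, name):
    """Racy pattern: the directory exists before its permissions are tightened."""
    path = os.path.join(parent, name)
    old_umask = os.umask(0o022)  # a common default umask, fixed here for repeatability
    try:
        os.mkdir(path)  # default mode 0o777, masked to 0o755
    finally:
        os.umask(old_umask)
    # Mode visible to other local users during the window before chmod runs.
    window_mode = stat.S_IMODE(os.stat(path).st_mode)
    os.chmod(path, 0o700)
    return path, window_mode


def create_restricted(parent):
    """Hardened pattern: mkdtemp creates the directory as 0o700 in one step,
    under an unpredictable name, so there is no permissive window."""
    return tempfile.mkdtemp(prefix="example-tmp-", dir=parent)


def audit_tmpdir(path, expected_uid=None):
    """Return findings for a temp directory; an empty list means owner and mode look safe.
    Only owner and mode bits are checked; ACL entries need a separate getfacl review."""
    expected_uid = os.geteuid() if expected_uid is None else expected_uid
    st = os.lstat(path)  # lstat so a planted symlink is reported, not followed
    if not stat.S_ISDIR(st.st_mode):
        return ["not a real directory (symlink or other file type)"]
    findings = []
    if st.st_uid != expected_uid:
        findings.append("owned by uid %d, expected %d" % (st.st_uid, expected_uid))
    mode = stat.S_IMODE(st.st_mode)
    if mode & 0o077:
        findings.append("group/other access bits set: %s" % oct(mode))
    return findings


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as parent:  # constructed sandbox directory
        racy, seen = create_then_restrict(parent, "racy-tmp")
        print("mode during window:", oct(seen), "after chmod:", audit_tmpdir(racy))
        print("mkdtemp directory:", audit_tmpdir(create_restricted(parent)))
```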

What is the Impact of CVE-2020-10744?

Successful exploitation may allow attackers to achieve privilege escalation, execute arbitrary code, or gain unauthorized access to sensitive information.

What is the Exploitability of CVE-2020-10744?

Exploiting this race condition requires specific timing and knowledge of the system's configuration regarding ACLs and FUSE filesystems, indicating a high complexity level. Authenticated access to Ansible Engine or Tower, with the ability to run playbooks using the become_user directive, is a prerequisite. This is typically a local attack or an attack by an authenticated user. The attacker would need to craft a payload that exploits the race condition during temporary directory creation. The risk is significantly higher in environments where ACLs and FUSE filesystems are in use, as these conditions enable the race to occur.

What are the Known Public Exploits?

No known exploits

What are the Available Fixes for CVE-2020-10744?

Available Upgrade Options

  • ansible
    • >=2.7.0, <2.8.0a1 → Upgrade to 2.8.0a1
  • ansible
    • <2.9.12 → Upgrade to 2.9.12
  • ansible
    • >=2.10.0a1, <2.10.0rc1 → Upgrade to 2.10.0rc1

Additional Resources

What are Similar Vulnerabilities to CVE-2020-10744?

Similar Vulnerabilities: CVE-2023-38408, CVE-2021-41772, CVE-2021-36770, CVE-2021-27920, CVE-2020-15582