What is CVE-2020-10697?

CVE-2020-10697 is a vulnerability found in Ansible Tower when running Openshift, allowing an attacker to cause a denial of service attack by polluting the memcached cache.

How does CVE-2020-10697 impact the affected software?

CVE-2020-10697 can cause a denial of service attack on Ansible Tower when running Openshift.

What is the severity rating of CVE-2020-10697?

CVE-2020-10697 has a severity rating of medium with a score of 4.4.

How can I fix CVE-2020-10697?

To fix CVE-2020-10697, update Ansible Tower to version 3.6.4, 3.5.6, or 3.4.6, depending on your current version.

Where can I find more information about CVE-2020-10697?

You can find more information about CVE-2020-10697 on the Red Hat Bugzilla page: https://bugzilla.redhat.com/show_bug.cgi?id=1818445

Vulnerability/
CVE-2020-10697

medium

4.4

CWE

400 862

28/3/2020

27/5/2021

4/8/2024

CVE-2020-10697

First published: Sat Mar 28 2020(Updated: )

A flaw was found in Ansible Tower when running Openshift. Tower runs a memcached, which is accessed via TCP. An attacker can take advantage of writing a playbook polluting this cache, causing a denial of service attack. This attack would not completely stop the service, but in the worst-case scenario, it can reduce the Tower performance, for which memcached is designed. Theoretically, more sophisticated attacks can be performed by manipulating and crafting the cache, as Tower relies on memcached as a place to pull out setting values. Confidential and sensitive data stored in memcached should not be pulled, as this information is encrypted. This flaw affects Ansible Tower versions before 3.6.4, Ansible Tower versions before 3.5.6 and Ansible Tower versions before 3.4.6.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
redhat/ansible_tower	<3.6.4	3.6.4
redhat/ansible_tower	<3.5.6	3.5.6
redhat/ansible_tower	<3.4.6	3.4.6
Redhat Ansible Tower	<3.4.6
Redhat Ansible Tower	>=3.5.0<3.5.6
Redhat Ansible Tower	>=3.6.0<3.6.4

Never miss a vulnerability like this again

Reference Links

https://bugzilla.redhat.com/show_bug.cgi?id=1818445

Frequently Asked Questions

What is CVE-2020-10697?
CVE-2020-10697 is a vulnerability found in Ansible Tower when running Openshift, allowing an attacker to cause a denial of service attack by polluting the memcached cache.
How does CVE-2020-10697 impact the affected software?
CVE-2020-10697 can cause a denial of service attack on Ansible Tower when running Openshift.
What is the severity rating of CVE-2020-10697?
CVE-2020-10697 has a severity rating of medium with a score of 4.4.
How can I fix CVE-2020-10697?
To fix CVE-2020-10697, update Ansible Tower to version 3.6.4, 3.5.6, or 3.4.6, depending on your current version.
Where can I find more information about CVE-2020-10697?
You can find more information about CVE-2020-10697 on the Red Hat Bugzilla page: https://bugzilla.redhat.com/show_bug.cgi?id=1818445

collector/nvd-index
agent/weakness
agent/type
agent/first-publish-date
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/references
agent/author
agent/description
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2020-10697
agent/software-canonical-lookup
agent/event
agent/tags
vendor/redhat
canonical/redhat ansible tower
version/redhat ansible tower/3.5.0
version/redhat ansible tower/3.6.0
package-manager/redhat

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.