CVE-2020-10697
First published: Sat Mar 28 2020(Updated: )
Tower executes a memcached which is accessed via TCP on a domain socket that it is shared amongst containers on Openshift. Making OpenShift memcached deployment insecure.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/ansible_tower | <3.6.4 | 3.6.4 |
| redhat/ansible_tower | <3.5.6 | 3.5.6 |
| redhat/ansible_tower | <3.4.6 | 3.4.6 |
| Redhat Ansible Tower | <3.4.6 | |
| Redhat Ansible Tower | >=3.5.0<3.5.6 | |
| Redhat Ansible Tower | >=3.6.0<3.6.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-10697?
CVE-2020-10697 is a vulnerability found in Ansible Tower when running Openshift, allowing an attacker to cause a denial of service attack by polluting the memcached cache.
How does CVE-2020-10697 impact the affected software?
CVE-2020-10697 can cause a denial of service attack on Ansible Tower when running Openshift.
What is the severity rating of CVE-2020-10697?
CVE-2020-10697 has a severity rating of medium with a score of 4.4.
How can I fix CVE-2020-10697?
To fix CVE-2020-10697, update Ansible Tower to version 3.6.4, 3.5.6, or 3.4.6, depending on your current version.
Where can I find more information about CVE-2020-10697?
You can find more information about CVE-2020-10697 on the Red Hat Bugzilla page: https://bugzilla.redhat.com/show_bug.cgi?id=1818445
- collector/redhat-bugzilla
- alias/CVE-2020-10697
- collector/nvd-index
- package-manager/redhat
- vendor/redhat
- canonical/redhat ansible tower
- version/redhat ansible tower/3.5.0
- version/redhat ansible tower/3.6.0