First published: Sat Mar 28 2020(Updated: )
Tower executes a memcached which is accessed via TCP on a domain socket that it is shared amongst containers on Openshift. Making OpenShift memcached deployment insecure.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/ansible_tower | <3.6.4 | 3.6.4 |
redhat/ansible_tower | <3.5.6 | 3.5.6 |
redhat/ansible_tower | <3.4.6 | 3.4.6 |
Redhat Ansible Tower | <3.4.6 | |
Redhat Ansible Tower | >=3.5.0<3.5.6 | |
Redhat Ansible Tower | >=3.6.0<3.6.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-10697 is a vulnerability found in Ansible Tower when running Openshift, allowing an attacker to cause a denial of service attack by polluting the memcached cache.
CVE-2020-10697 can cause a denial of service attack on Ansible Tower when running Openshift.
CVE-2020-10697 has a severity rating of medium with a score of 4.4.
To fix CVE-2020-10697, update Ansible Tower to version 3.6.4, 3.5.6, or 3.4.6, depending on your current version.
You can find more information about CVE-2020-10697 on the Red Hat Bugzilla page: https://bugzilla.redhat.com/show_bug.cgi?id=1818445