[USN-5315-1] Ansible vulnerabilities

Severity High
Affected Packages 7
CVEs 4

Several security issues were fixed in Ansible.

It was discovered that Ansible did not properly manage directory
permissions when running playbooks with an unprivileged become user. A
local attacker could possibly use this issue to cause a race condition,
escalate privileges and execute arbitrary code. This issue only affected
Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-1733)

It was discovered that the fix to address CVE-2020-1733 in Ansible was
incomplete on systems using ACLs and FUSE filesystems. A local attacker
could possibly use this issue to cause a race condition, escalate
privileges and execute arbitrary code. This issue only affected
Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-10744)

It was discovered that Ansible did not properly manage multi-line YAML
strings and special template characters. A local attacker could possibly
use this issue to cause a template injection, resulting in the
disclosure of sensitive information or other unspecified impact.
(CVE-2021-3583)

It was discovered that the ansible-connection module in Ansible did
not properly manage certain error messages. A local attacker could
possibly use this issue to expose sensitive information. This issue
only affected Ubuntu 20.04 ESM and Ubuntu 22.04 ESM. (CVE-2021-3620)

| Package | Affected Version |
|---|---|
| pkg:deb/ubuntu/ansible?distro=xenial | < 2.0.0.2-2ubuntu1.3+esm1 |
| pkg:deb/ubuntu/ansible?distro=jammy | < 2.10.7+merged+base+2.10.8+dfsg-1ubuntu0.1~esm1 |
| pkg:deb/ubuntu/ansible?distro=focal | < 2.9.6+dfsg-1ubuntu0.1~esm1 |
| pkg:deb/ubuntu/ansible?distro=bionic | < 2.5.1+dfsg-1ubuntu0.1+esm1 |
| pkg:deb/ubuntu/ansible-node-fireball?distro=xenial | < 2.0.0.2-2ubuntu1.3+esm1 |
| pkg:deb/ubuntu/ansible-fireball?distro=xenial | < 2.0.0.2-2ubuntu1.3+esm1 |
| pkg:deb/ubuntu/ansible-doc?distro=focal | < 2.9.6+dfsg-1ubuntu0.1~esm1 |

| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:deb/ubuntu/ansible?distro=xenial | ubuntu | ansible | < 2.0.0.2-2ubuntu1.3+esm1 | xenial | | |
| Affected | pkg:deb/ubuntu/ansible?distro=jammy | ubuntu | ansible | < 2.10.7+merged+base+2.10.8+dfsg-1ubuntu0.1~esm1 | jammy | | |
| Affected | pkg:deb/ubuntu/ansible?distro=focal | ubuntu | ansible | < 2.9.6+dfsg-1ubuntu0.1~esm1 | focal | | |
| Affected | pkg:deb/ubuntu/ansible?distro=bionic | ubuntu | ansible | < 2.5.1+dfsg-1ubuntu0.1+esm1 | bionic | | |
| Affected | pkg:deb/ubuntu/ansible-node-fireball?distro=xenial | ubuntu | ansible-node-fireball | < 2.0.0.2-2ubuntu1.3+esm1 | xenial | | |
| Affected | pkg:deb/ubuntu/ansible-fireball?distro=xenial | ubuntu | ansible-fireball | < 2.0.0.2-2ubuntu1.3+esm1 | xenial | | |
| Affected | pkg:deb/ubuntu/ansible-doc?distro=focal | ubuntu | ansible-doc | < 2.9.6+dfsg-1ubuntu0.1~esm1 | focal | | |
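
The "<" bounds in the table above follow Debian version ordering, in which a `~esm1` suffix sorts before the bare revision while `+esm1` sorts after it, so a plain string comparison misclassifies hosts. The following Python is an added example, not part of the advisory or of Ubuntu's tooling; it reimplements that ordering and checks an installed `ansible` version against the fixed versions listed above. The function names are assumptions made for this example.

```python
# Added example: fixed versions copied from the advisory's table (ansible package only).
FIXED = {
    "xenial": "2.0.0.2-2ubuntu1.3+esm1",
    "bionic": "2.5.1+dfsg-1ubuntu0.1+esm1",
    "focal": "2.9.6+dfsg-1ubuntu0.1~esm1",
    "jammy": "2.10.7+merged+base+2.10.8+dfsg-1ubuntu0.1~esm1",
}

def _order(c):
    # '~' < end of string (and digits, both 0) < letters < other punctuation.
    if c == "~":
        return -1
    if c == "" or c.isdigit():
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _digits(s, i):
    j = i
    while j < len(s) and s[j].isdigit():
        j += 1
    return int(s[i:j] or 0), j  # an empty digit run counts as 0

def _cmp_part(a, b):
    # Compare alternating non-digit and digit runs, as dpkg does.
    i = j = 0
    while i < len(a) or j < len(b):
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac, bc = _order(a[i:i + 1]), _order(b[j:j + 1])
            if ac != bc:
                return ac - bc
            i, j = i + 1, j + 1
        (na, i), (nb, j) = _digits(a, i), _digits(b, j)
        if na != nb:
            return na - nb
    return 0

def _split(v):
    # [epoch:]upstream[-revision]; epoch defaults to 0, revision to "".
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, sep, rev = rest.rpartition("-")
    return (int(epoch), upstream, rev) if sep else (int(epoch), rest, "")

def deb_cmp(a, b):
    """Return <0, 0 or >0 as version a sorts before, equal to or after b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea - eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def is_affected(distro, installed):
    return deb_cmp(installed, FIXED[distro]) < 0
```

On a real host, the installed version string can be read with `dpkg-query -W -f='${Version}' ansible` and passed to `is_affected` together with the release codename.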