A safety alert issued for Ansible has acquired an replace from BSI. You can examine which merchandise are affected by the safety hole right here at information.de.
Federal Office for Security on Information Technology (BSI) revealed an replace on May 21, 2024 relating to a safety vulnerability in Ansible that was identified on January 18, 2024. The safety vulnerability impacts Linux and Windows working methods and Red Hat Enterprise Linux merchandise, SUSE Linux, Open Source Ansible and Fedora Linux.
The newest producer suggestions for updates, workarounds and safety patches for this vulnerability may be discovered right here: Red Hat Security Advisory RHSA-2024:3043 (From 22 May 2024). Some helpful assets are listed later on this article.
Security advisory on Appropriate – Risk: medium
Risk degree: 2 (reasonable)
CVSS Base Score: 7.5
CVSS provisional rating: 6.5
Remote management: Ja
The Common Vulnerability Scoring System (CVSS) is used to evaluate the vulnerability of pc methods. The CVSS normal makes it doable to check potential or precise safety dangers primarily based on varied standards as a way to prioritize countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of the vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, person interplay) and its outcomes. Temporal scores additionally bear in mind adjustments over time within the threat scenario. The threat of the vulnerability talked about right here is classed as “reasonable” in response to the CVSS with a base rating of seven.5.
Vulnerability: Vulnerability permits info disclosure
Ansible is software program for automating cloud provisioning, configuration administration, and software deployment for the Fedora Linux distribution obtainable from Red Hat.
An attacker might exploit a vulnerability in Ansible to show info.
Vulnerabilities have been labeled utilizing the CVE (Common Vulnerability and Exposure) designation system for every serial quantity CVE-2024-0690.
Systems affected by the vulnerability can be found at a look
Operating methods
Linux, Windows
Products
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
SUSE Linux (cpe:/o:use:suse_linux)
Open Source Ansible Core Fedora Linux Core
General suggestions for coping with IT vulnerabilities
- Users of affected methods ought to keep up-to-date. When safety holes are identified, producers are required to repair them shortly by growing a patch or workaround. When new safety updates can be found, set up them instantly.
- For info, see the sources listed within the subsequent part. This typically incorporates further details about the most recent model of the software program in query and the supply of safety patches or efficiency suggestions.
- If you’ve any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to often test if IT safety alert Affected producers present a brand new safety replace.
Manufacturer details about updates, patches and workarounds
Here you’ll discover some hyperlinks with details about bug stories, safety fixes and workarounds.
Red Hat Security Advisory RHSA-2024:3043 vom 2024-05-22 (21.05.2024)
For extra info, see:
SUSE Security Update SUSE-SU-2024:1509-1 vom 2024-05-06 (06.05.2024)
For extra info, see:
SUSE Security Update SUSE-SU-2024:1427-1 vom 2024-04-24 (24.04.2024)
For extra info, see:
Red Hat Security Advisory RHSA-2024:0322 vom 2024-02-07 (07.02.2024)
For extra info, see:
Fedora Security Advisory vom 2024-01-18 (18.01.2024)
For extra info, see:
Anible GitHub vom 2024-01-18 (18.01.2024)
For extra info, see:
Red Hat Bugzilla dated 2024-01-18 (18.01.2024)
For extra info, see:
Version historical past of this safety alert
This is model 5 of this Ansible IT safety discover. This doc shall be up to date as extra updates are introduced. You can examine adjustments or additions on this model historical past.
January 18, 2024 – First model
02/07/2024 – New updates from Red Hat have been added
April 24, 2024 – New updates from SUSE added
May 6, 2024 – New updates from SUSE added
May 21, 2024 – New updates from Red Hat added
+++ Editorial word: This doc relies on present BSI knowledge and shall be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++
comply with News.de you’re right here Facebook, Twitter, Pinterest once more YouTube? Here you’ll discover scorching information, present movies and a direct line to the editorial group.
kns/roj/information.de