Multiple vulnerabilities in Red Hat Ansible Automation Platform 2.4

1) UNIX symbolic link following

EUVDB-ID: #VU81467

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-5115

CWE-ID: CWE-61 - UNIX Symbolic Link (Symlink) Following

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a symlink following issue. A local user can create a specially crafted symbolic link to files outside the application directory and overwrite them.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

python3x-django (Red Hat package): before 3.2.22-1.el8ap

python-django (Red Hat package): before 3.2.22-1.el9ap

automation-controller (Red Hat package): before 4.4.6-1.el9ap

ansible-core (Red Hat package): before 2.15.5-1.el9ap

External links

http://access.redhat.com/errata/RHSA-2023:5758

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Resource exhaustion

EUVDB-ID: #VU80395

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-41164

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources within the django.utils.encoding.uri_to_iri() method. A remote attacker can pass a large number of characters to the affected method and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

python3x-django (Red Hat package): before 3.2.22-1.el8ap

python-django (Red Hat package): before 3.2.22-1.el9ap

automation-controller (Red Hat package): before 4.4.6-1.el9ap

ansible-core (Red Hat package): before 2.15.5-1.el9ap

External links

http://access.redhat.com/errata/RHSA-2023:5758

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Resource exhaustion

EUVDB-ID: #VU81657

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-43665

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources within the chars() and words() methods. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

python3x-django (Red Hat package): before 3.2.22-1.el8ap

python-django (Red Hat package): before 3.2.22-1.el9ap

automation-controller (Red Hat package): before 4.4.6-1.el9ap

ansible-core (Red Hat package): before 2.15.5-1.el9ap

External links

http://access.redhat.com/errata/RHSA-2023:5758

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.