# Privilege Escalation Using Become Plugin
- Query id: 0e75052f-cc02-41b8-ac39-a78017527e95
- Query name: Privilege Escalation Using Become Plugin
- Platform: Ansible
- Severity: Medium
- Category: Access Control
- CWE: 286
- URL: Github
## Description
To perform an action as a different user with `become_user`, `become` must also be defined and set to `true` in the same scope (play, block or task).
Documentation
## Code samples

### Code samples with security vulnerabilities
#### Positive test num. 1 - yaml file

```yaml
---
- hosts: localhost
  name: become_user without become
  become_user: bar
  tasks:
    - name: Simple hello
      ansible.builtin.debug:
        msg: hello
---
- hosts: localhost
  name: become_user with become false
  become_user: root
  become: false
  tasks:
    - name: Simple hello
      ansible.builtin.debug:
        msg: hello
---
- hosts: localhost
  tasks:
    - name: become and become_user on different tasks
      block:
        - name: Sample become
          become: true
          ansible.builtin.command: ls .
        - name: Sample become_user
          become_user: foo
          ansible.builtin.command: ls .
---
- hosts: localhost
  tasks:
    - name: become false
      block:
        - name: Sample become
          become: true
          ansible.builtin.command: ls .
        - name: Sample become_user
          become_user: postgres
          become: false
          ansible.builtin.command: ls .
---
- hosts: localhost
  tasks:
    - name: become_user with become task as false
      ansible.builtin.command: whoami
      become_user: mongodb
      become: false
      changed_when: false
---
- hosts: localhost
  tasks:
    - name: become_user without become
      ansible.builtin.command: whoami
      become_user: mysql
      changed_when: false
```
### Code samples without security vulnerabilities

#### Negative test num. 1 - yaml file

```yaml
---
- hosts: localhost
  become_user: postgres
  become: true
  tasks:
    - name: some task
      ansible.builtin.command: whoamyou
      changed_when: false
---
- hosts: localhost
  tasks:
    - name: become from the same scope
      ansible.builtin.command: whoami
      become: true
      become_user: postgres
      changed_when: false
```
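The rule above as a small checker, written here as an added example rather than KICS's own implementation. It assumes the playbook has already been loaded by a YAML parser and embeds two of the samples above as the equivalent Python structures (constructed inline) so it runs without extra dependencies:

```python
# Added example, not KICS's own implementation: report each become_user that
# is not paired with an effective become: true, resolving inheritance the way
# the samples above do (play -> block/rescue/always -> task). Input is a
# playbook already loaded by a YAML parser (e.g. PyYAML safe_load, which maps
# yes/no to booleans); the samples are embedded as equivalent Python data.
from typing import Any, Dict, List, Optional, Tuple

Finding = Tuple[str, str]  # (scope name, become_user value)


def _walk(items: List[Dict[str, Any]], inherited: Optional[bool],
          findings: List[Finding]) -> None:
    for item in items:
        # A 'become' set on this task or block overrides the inherited value.
        become = inherited if item.get("become") is None else item["become"]
        if "become_user" in item and become is not True:
            findings.append((str(item.get("name", "<unnamed task>")),
                             str(item["become_user"])))
        for key in ("block", "rescue", "always"):  # nested task lists
            if isinstance(item.get(key), list):
                _walk(item[key], become, findings)


def check_playbook(plays: List[Dict[str, Any]]) -> List[Finding]:
    """Return (scope, become_user) for every become_user lacking become: true."""
    findings: List[Finding] = []
    for play in plays:
        become = play.get("become")
        if "become_user" in play and become is not True:
            findings.append((str(play.get("name", "<unnamed play>")),
                             str(play["become_user"])))
        for section in ("pre_tasks", "tasks", "post_tasks", "handlers"):
            if isinstance(play.get(section), list):
                _walk(play[section], become, findings)
    return findings


# Constructed from the page's samples: one flagged block, one compliant play.
VULNERABLE_PLAY = {"hosts": "localhost", "tasks": [{
    "name": "become and become_user on different tasks",
    "block": [
        {"name": "Sample become", "become": True, "ansible.builtin.command": "ls ."},
        {"name": "Sample become_user", "become_user": "foo",
         "ansible.builtin.command": "ls ."}]}]}
COMPLIANT_PLAY = {"hosts": "localhost", "become_user": "postgres", "become": True,
                  "tasks": [{"name": "some task",
                             "ansible.builtin.command": "whoamyou"}]}
```

Running `check_playbook([VULNERABLE_PLAY, COMPLIANT_PLAY])` reports only the `Sample become_user` task, because its sibling's `become: true` does not extend to it, while the compliant play inherits `become: true` from the play scope.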