Privilege Escalation Using Become Plugin

  • Query id: 404908b6-4954-4611-98f0-e8ceacdabcb1
  • Query name: Privilege Escalation Using Become Plugin
  • Platform: Ansible
  • Severity: Medium
  • Category: Access Control
  • CWE: 286
  • URL: Github

Description

In order to perform an action as a different user with the become_user, 'become' must be defined and set to 'true'
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - cfg file
[defaults]
action_warnings=True
cowsay_enabled_stencils=bud-frogs, bunny, cheese, daemon, default, dragon, elephant-in-snake, elephant, eyes, hellokitty, kitty, luke-koala, meow, milk, moofasa, moose, ren, sheep, small, stegosaurus, stimpy, supermilker, three-eyes, turkey, turtle, tux, udder, vader-koala, vader, www
cow_selection=default
force_color=False
nocolor=False
nocows=False
any_errors_fatal=False
fact_caching=memory
become=False
become_ask_pass=False
become_method=sudo
become_user=root
Positive test num. 2 - cfg file
[defaults]
action_warnings=True
cowsay_enabled_stencils=bud-frogs, bunny, cheese, daemon, default, dragon, elephant-in-snake, elephant, eyes, hellokitty, kitty, luke-koala, meow, milk, moofasa, moose, ren, sheep, small, stegosaurus, stimpy, supermilker, three-eyes, turkey, turtle, tux, udder, vader-koala, vader, www
cow_selection=default
force_color=False
nocolor=False
nocows=False
any_errors_fatal=False
fact_caching=memory
become_ask_pass=False
become_method=sudo
become_user=root

Code samples without security vulnerabilities

Negative test num. 1 - cfg file
[defaults]
action_warnings=True
cowsay_enabled_stencils=bud-frogs, bunny, cheese, daemon, default, dragon, elephant-in-snake, elephant, eyes, hellokitty, kitty, luke-koala, meow, milk, moofasa, moose, ren, sheep, small, stegosaurus, stimpy, supermilker, three-eyes, turkey, turtle, tux, udder, vader-koala, vader, www
cow_selection=default
force_color=False
nocolor=False
nocows=False
any_errors_fatal=False
become_plugins=~/.ansible/plugins/become:/usr/share/ansible/plugins/become
fact_caching=memory
Negative test num. 2 - cfg file
[defaults]
action_warnings=True
cowsay_enabled_stencils=bud-frogs, bunny, cheese, daemon, default, dragon, elephant-in-snake, elephant, eyes, hellokitty, kitty, luke-koala, meow, milk, moofasa, moose, ren, sheep, small, stegosaurus, stimpy, supermilker, three-eyes, turkey, turtle, tux, udder, vader-koala, vader, www
cow_selection=default
force_color=False
nocolor=False
nocows=False
any_errors_fatal=False
fact_caching=memory
become_ask_pass=False
become_method=sudo
become=True
become_user=root