
Certificate validation disabled within Ansible DNF module

Description

This policy detects whether the dnf module in Ansible is configured to disable certificate validation when making HTTPS requests to package repositories. Disabling certificate validation can expose the system to various security vulnerabilities, including man-in-the-middle attacks in which the packages being installed are served by an untrusted party.

Code Example

```yaml
- name: Example
  ansible.builtin.dnf:
    name: nginx
    state: latest
    validate_certs: true
```

Remediation

Ansible

  • Module: dnf
  • Attribute: validate_certs

To mitigate this risk, ensure that the `validate_certs` attribute in your Ansible dnf tasks is either left at its default value (`true`) or explicitly set to `true`. This ensures that SSL/TLS certificates are verified during connections, maintaining the security of HTTPS communication.
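The check the policy performs can be reproduced as a small playbook scanner. The following is an added example, not Checkov's own implementation of CKV2_ANSIBLE_6: it walks a playbook in its parsed form (the structure `yaml.safe_load` returns), treats an omitted `validate_certs` as the module default of `true`, and reports dnf tasks (short name or FQCN, including tasks nested in `block`/`rescue`/`always`) whose `validate_certs` is any false value Ansible would accept. The sample playbook is constructed for the example.

```python
# Added example, not Checkov's implementation of CKV2_ANSIBLE_6: walk a parsed
# playbook (the structure yaml.safe_load returns) and report every dnf task whose
# validate_certs is false. An absent validate_certs means the module default, true.

DNF_MODULES = {"dnf", "ansible.builtin.dnf"}          # short name and FQCN
FALSE_STRINGS = {"false", "no", "n", "off", "0"}      # Ansible's false spellings
NESTED = ("tasks", "pre_tasks", "post_tasks", "handlers", "block", "rescue", "always")

def is_false(value):
    """Interpret a YAML scalar the way Ansible's boolean conversion would."""
    if isinstance(value, (bool, int, float)):
        return not value
    if isinstance(value, str):
        return value.strip().lower() in FALSE_STRINGS
    return False  # None (attribute omitted) keeps the module default of true

def iter_tasks(items):
    """Yield every dict in a play/task list, descending into nested task lists."""
    for item in items or []:
        if isinstance(item, dict):
            yield item
            for key in NESTED:
                if isinstance(item.get(key), list):
                    yield from iter_tasks(item[key])

def find_insecure_dnf_tasks(playbook):
    """Return the names of dnf tasks that set validate_certs to a false value."""
    findings = []
    for task in iter_tasks(playbook):
        for module in DNF_MODULES:
            args = task.get(module)
            if isinstance(args, dict) and is_false(args.get("validate_certs")):
                findings.append(task.get("name", "<unnamed task>"))
    return findings

# Constructed sample playbook in its parsed form (one play, four dnf tasks).
SAMPLE_PLAYBOOK = [{"hosts": "web", "tasks": [
    {"name": "nginx (explicit true)",
     "ansible.builtin.dnf": {"name": "nginx", "state": "latest", "validate_certs": True}},
    {"name": "nginx (default)", "dnf": {"name": "nginx", "state": "present"}},
    {"name": "httpd (disabled)",
     "ansible.builtin.dnf": {"name": "httpd", "validate_certs": False}},
    {"block": [{"name": "git (disabled via string)",
                "dnf": {"name": "git", "validate_certs": "no"}}]},
]}]

if __name__ == "__main__":
    for name in find_insecure_dnf_tasks(SAMPLE_PLAYBOOK):
        print(f"FAIL: task '{name}' disables certificate validation")
```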

Secure Code Example:

Rule Details

| Field | Value |
| --- | --- |
| ID | IAC-0053 |
| Severity | MEDIUM |
| IaC Type | Ansible |
| Frameworks | Ansible |
| Checkov ID | CKV2_ANSIBLE_6 |

References