VYPR

rpm package

opensuse/ansible&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/ansible&distro=openSUSE%20Tumbleweed

Vulnerabilities (4)

  • CVE-2014-4967 (Feb 18, 2020)
    affected < 2.2.0.0-1.1, fixed 2.2.0.0-1.1

    Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a trailing " temp="

  • CVE-2014-4966 (Feb 18, 2020)
    affected < 2.2.0.0-1.1, fixed 2.2.0.0-1.1

    Ansible before 1.6.7 does not prevent inventory data with "{{" and "lookup" substrings, and does not prevent remote data with "{{" substrings, which allows remote attackers to execute arbitrary code via (1) crafted lookup('pipe') calls or (2) crafted Jinja2 data.

  • CVE-2016-3096 (High, Jun 3, 2016)
    affected < 2.2.0.0-1.1, fixed 2.2.0.0-1.1

    The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory,

  • CVE-2015-3908 (Aug 12, 2015)
    affected < 2.2.0.0-1.1, fixed 2.2.0.0-1.1

    Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.