rpm package
opensuse/ansible-13&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/ansible-13&distro=openSUSE%20Tumbleweed
Vulnerabilities (45)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-7466 | Hig | 8.0 | < 13.7.0-1.1 | 13.7.0-1.1 | Jun 22, 2018 | Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbi | |
| CVE-2016-9587 | Hig | 8.1 | < 13.7.0-1.1 | 13.7.0-1.1 | Apr 24, 2018 | Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use thi | |
| CVE-2017-7550 | Cri | 9.8 | < 13.7.0-1.1 | 13.7.0-1.1 | Nov 21, 2017 | A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords t | |
| CVE-2016-3096 | Hig | 7.8 | < 13.7.0-1.1 | 13.7.0-1.1 | Jun 3, 2016 | The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, | |
| CVE-2015-3908 | — | < 13.7.0-1.1 | 13.7.0-1.1 | Aug 12, 2015 | Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. |
- affected < 13.7.0-1.1fixed 13.7.0-1.1
Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbi
- affected < 13.7.0-1.1fixed 13.7.0-1.1
Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use thi
- affected < 13.7.0-1.1fixed 13.7.0-1.1
A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords t
- affected < 13.7.0-1.1fixed 13.7.0-1.1
The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory,
- CVE-2015-3908Aug 12, 2015affected < 13.7.0-1.1fixed 13.7.0-1.1
Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Page 3 of 3