VYPR

rpm package

opensuse/ansible-13&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/ansible-13&distro=openSUSE%20Tumbleweed

Vulnerabilities (45)

  • CVE-2017-7466HigJun 22, 2018
    affected < 13.7.0-1.1fixed 13.7.0-1.1

    Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbi

  • CVE-2016-9587HigApr 24, 2018
    affected < 13.7.0-1.1fixed 13.7.0-1.1

    Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use thi

  • CVE-2017-7550CriNov 21, 2017
    affected < 13.7.0-1.1fixed 13.7.0-1.1

    A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords t

  • CVE-2016-3096HigJun 3, 2016
    affected < 13.7.0-1.1fixed 13.7.0-1.1

    The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory,

  • CVE-2015-3908Aug 12, 2015
    affected < 13.7.0-1.1fixed 13.7.0-1.1

    Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Page 3 of 3