rpm package
suse/ansible&distro=SUSE Manager Proxy Module 4.3
pkg:rpm/suse/ansible&distro=SUSE%20Manager%20Proxy%20Module%204.3
Vulnerabilities (23)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-10874 | — | < 2.9.27-150000.1.17.2 | 2.9.27-150000.1.17.2 | Jul 2, 2018 | In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result. | ||
| CVE-2016-9587 | — | < 2.9.27-150000.1.17.2 | 2.9.27-150000.1.17.2 | Apr 24, 2018 | Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use thi | ||
| CVE-2017-7550 | Cri | 9.8 | < 2.9.27-150000.1.17.2 | 2.9.27-150000.1.17.2 | Nov 21, 2017 | A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords t |
- CVE-2018-10874Jul 2, 2018affected < 2.9.27-150000.1.17.2fixed 2.9.27-150000.1.17.2
In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result.
- CVE-2016-9587Apr 24, 2018affected < 2.9.27-150000.1.17.2fixed 2.9.27-150000.1.17.2
Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use thi
- affected < 2.9.27-150000.1.17.2fixed 2.9.27-150000.1.17.2
A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords t
Page 2 of 2