rpm package
suse/ansible&distro=SUSE OpenStack Cloud Crowbar 8
pkg:rpm/suse/ansible&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208
Vulnerabilities (84)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-7466 | — | < 2.9.14-3.15.1 | 2.9.14-3.15.1 | Jun 22, 2018 | Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbi | ||
| CVE-2016-9587 | — | < 2.9.14-3.15.1 | 2.9.14-3.15.1 | Apr 24, 2018 | Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use thi | ||
| CVE-2017-7550 | Cri | 9.8 | < 2.9.14-3.15.1 | 2.9.14-3.15.1 | Nov 21, 2017 | A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords t | |
| CVE-2017-1000246 | Med | 5.3 | < 2.4.6.0-3.9.1 | 2.4.6.0-3.9.1 | Nov 17, 2017 | Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data. |
- CVE-2017-7466Jun 22, 2018affected < 2.9.14-3.15.1fixed 2.9.14-3.15.1
Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbi
- CVE-2016-9587Apr 24, 2018affected < 2.9.14-3.15.1fixed 2.9.14-3.15.1
Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use thi
- affected < 2.9.14-3.15.1fixed 2.9.14-3.15.1
A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords t
- affected < 2.4.6.0-3.9.1fixed 2.4.6.0-3.9.1
Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.
Page 5 of 5