VYPR

rpm package

suse/ansible&distro=SUSE Package Hub 15 SP3

pkg:rpm/suse/ansible&distro=SUSE%20Package%20Hub%2015%20SP3

Vulnerabilities (26)

  • CVE-2021-20180Mar 16, 2022
    affected < 2.9.21-bp153.2.3.1fixed 2.9.21-bp153.2.3.1

    A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat f

  • CVE-2020-10729May 27, 2021
    affected < 2.9.21-bp153.2.3.1fixed 2.9.21-bp153.2.3.1

    A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be tha

  • CVE-2021-20191May 26, 2021
    affected < 2.9.21-bp153.2.3.1fixed 2.9.21-bp153.2.3.1

    A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulne

  • CVE-2021-20178May 26, 2021
    affected < 2.9.21-bp153.2.3.1fixed 2.9.21-bp153.2.3.1

    A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat f

  • CVE-2021-20228Apr 29, 2021
    affected < 2.9.21-bp153.2.3.1fixed 2.9.21-bp153.2.3.1

    A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from

  • CVE-2020-14332Sep 11, 2020
    affected < 2.9.21-bp153.2.3.1fixed 2.9.21-bp153.2.3.1

    A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is t

  • CVE-2020-14330Sep 11, 2020
    affected < 2.9.21-bp153.2.3.1fixed 2.9.21-bp153.2.3.1

    An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other user

  • CVE-2019-14904Aug 25, 2020
    affected < 2.9.21-bp153.2.3.1fixed 2.9.21-bp153.2.3.1

    A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw

  • CVE-2020-1746May 12, 2020
    affected < 2.9.21-bp153.2.3.1fixed 2.9.21-bp153.2.3.1

    A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldap_attr and ldap_entry community modules are use

  • CVE-2020-10685May 11, 2020
    affected < 2.9.21-bp153.2.3.1fixed 2.9.21-bp153.2.3.1

    A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble,

  • CVE-2020-10691Apr 30, 2020
    affected < 2.9.21-bp153.2.3.1fixed 2.9.21-bp153.2.3.1

    An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwr

  • CVE-2019-14905Mar 31, 2020
    affected < 2.9.21-bp153.2.3.1fixed 2.9.21-bp153.2.3.1

    A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parame

  • CVE-2020-10684Mar 24, 2020
    affected < 2.9.21-bp153.2.3.1fixed 2.9.21-bp153.2.3.1

    A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker

  • CVE-2020-1738Mar 16, 2020
    affected < 2.9.21-bp153.2.3.1fixed 2.9.21-bp153.2.3.1

    A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x

  • CVE-2020-1740Mar 16, 2020
    affected < 2.9.21-bp153.2.3.1fixed 2.9.21-bp153.2.3.1

    A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descripto

  • CVE-2020-1735Mar 16, 2020
    affected < 2.9.21-bp153.2.3.1fixed 2.9.21-bp153.2.3.1

    A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.

  • CVE-2020-1736Mar 16, 2020
    affected < 2.9.21-bp153.2.3.1fixed 2.9.21-bp153.2.3.1

    A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restricti

  • CVE-2020-1753Mar 16, 2020
    affected < 2.9.21-bp153.2.3.1fixed 2.9.21-bp153.2.3.1

    A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. Sensitive parameters such as passwords and tokens are

  • CVE-2020-1739Mar 12, 2020
    affected < 2.9.21-bp153.2.3.1fixed 2.9.21-bp153.2.3.1

    A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cm

  • CVE-2020-1733Mar 11, 2020
    affected < 2.9.21-bp153.2.3.1fixed 2.9.21-bp153.2.3.1

    A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is cr

Page 1 of 2