VYPR

rpm package

suse/ansible&distro=SUSE Package Hub 15 SP1

pkg:rpm/suse/ansible&distro=SUSE%20Package%20Hub%2015%20SP1

Vulnerabilities (12)

  • CVE-2019-14904Aug 25, 2020
    affected < 2.9.6-bp151.3.6.1fixed 2.9.6-bp151.3.6.1

    A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw

  • CVE-2019-14905Mar 31, 2020
    affected < 2.9.6-bp151.3.6.1fixed 2.9.6-bp151.3.6.1

    A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parame

  • CVE-2019-14864Jan 2, 2020
    affected < 2.9.6-bp151.3.6.1fixed 2.9.6-bp151.3.6.1

    Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any s

  • CVE-2019-14856Nov 26, 2019
    affected < 2.9.6-bp151.3.6.1fixed 2.9.6-bp151.3.6.1

    ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None

  • CVE-2019-10217Nov 25, 2019
    affected < 2.9.6-bp151.3.6.1fixed 2.9.6-bp151.3.6.1

    A flaw was found in ansible 2.8.0 before 2.8.4. Fields managing sensitive data should be set as such by no_log feature. Some of these fields in GCP modules are not set properly. service_account_contents() which is common class for all gcp modules is not setting no_log to True. An

  • CVE-2019-10206Nov 22, 2019
    affected < 2.9.6-bp151.3.6.1fixed 2.9.6-bp151.3.6.1

    ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger an

  • CVE-2019-14858Oct 14, 2019
    affected < 2.9.6-bp151.3.6.1fixed 2.9.6-bp151.3.6.1

    A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name to the module will cause the task to fail before the no_log options in the sub par

  • CVE-2019-14846Oct 8, 2019
    affected < 2.9.6-bp151.3.6.1fixed 2.9.6-bp151.3.6.1

    In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not af

  • CVE-2019-3828Mar 27, 2019
    affected < 2.8.1-bp151.3.3.1fixed 2.8.1-bp151.3.3.1

    Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.

  • CVE-2018-16876Jan 3, 2019
    affected < 2.8.1-bp151.3.3.1fixed 2.8.1-bp151.3.3.1

    ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.

  • CVE-2018-16859Nov 29, 2018
    affected < 2.8.1-bp151.3.3.1fixed 2.8.1-bp151.3.3.1

    Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the

  • CVE-2018-16837Oct 23, 2018
    affected < 2.8.1-bp151.3.3.1fixed 2.8.1-bp151.3.3.1

    Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those credentials in clear text form for every user which h