rpm package
suse/uyuni-tools&distro=SUSE Manager Client Tools 15-BETA
pkg:rpm/suse/uyuni-tools&distro=SUSE%20Manager%20Client%20Tools%2015-BETA
Vulnerabilities (9)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-1313 | Med | 6.5 | | < 0.1.9-159000.3.11.5 | 0.1.9-159000.3.11.5 | Mar 26, 2024 | It is possible for a user in a different organization from the owner of a snapshot to bypass authorization and delete a snapshot by issuing a DELETE request to /api/snapshots/ using its view key. This functionality is intended to only be available to individuals with the per |
| CVE-2023-6152 | — | | | < 0.1.7-159000.3.8.1 | 0.1.7-159000.3.8.1 | Feb 13, 2024 | A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verify_email_enabled" will only validate email only on sign up. |
| CVE-2024-0690 | — | | | < 0.1.7-159000.3.8.1 | 0.1.7-159000.3.8.1 | Feb 6, 2024 | An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive infor |
| CVE-2023-5764 | — | | | < 0.1.7-159000.3.8.1 | 0.1.7-159000.3.8.1 | Dec 12, 2023 | A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templa |
| CVE-2020-14365 | — | | | < 0.1.7-159000.3.8.1 | 0.1.7-159000.3.8.1 | Sep 23, 2020 | A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default be |
| CVE-2016-8647 | — | | | < 0.1.7-159000.3.8.1 | 0.1.7-159000.3.8.1 | Jul 26, 2018 | An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed. |
| CVE-2018-10874 | — | | | < 0.1.7-159000.3.8.1 | 0.1.7-159000.3.8.1 | Jul 2, 2018 | In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result. |
| CVE-2016-9587 | — | | | < 0.1.7-159000.3.8.1 | 0.1.7-159000.3.8.1 | Apr 24, 2018 | Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use thi |
| CVE-2017-7550 | Cri | 9.8 | | < 0.1.7-159000.3.8.1 | 0.1.7-159000.3.8.1 | Nov 21, 2017 | A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords t |