VYPR

Ansible

by Red Hat

pypi: ansible

CVEs (50)

  • CVE-2018-10884 | High | Aug 22, 2018
    risk 0.57 | cvss 8.8 | epss 0.01

    Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to cross-site request forgery (CSRF) in awx/api/authentication.py. An attacker could exploit this by tricking already authenticated users into visiting a malicious site and hijacking the authtoken cookie.

  • CVE-2017-7550 | Critical | Nov 21, 2017
    risk 0.57 | cvss 9.8 | epss 0.04

    A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords…

  • CVE-2017-12148 | High | Jul 27, 2018
    risk 0.55 | cvss 8.4 | epss 0.02

    A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project (SCM repository) definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a…

  • CVE-2024-1657 | High | Apr 25, 2024
    risk 0.53 | cvss 8.1 | epss 0.00

    A flaw was found in the Ansible Automation Platform. An insecure WebSocket connection was being used in installation from the Ansible rulebook EDA server. An attacker that has access to any machine in the CIDR block could download all rulebook data from the WebSocket, resulting…

  • CVE-2016-7070 | High | Sep 11, 2018
    risk 0.52 | cvss 8.0 | epss 0.01

    A privilege escalation flaw was found in Ansible Tower. When Tower before 3.0.3 deploys a PostgreSQL database, it incorrectly configures the trust level of the postgres user. An attacker could use this vulnerability to gain admin-level access to the database.

  • CVE-2014-3498 | High | Jun 8, 2017
    risk 0.50 | cvss 8.8 | epss 0.03

    The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary commands.

  • CVE-2026-11332 | High | Jun 5, 2026
    risk 0.44 | cvss 7.8 | epss 0.00

    A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument delimiters, a malicious role author can inject arbitrary git configuration flags…

  • CVE-2015-6240 | High | Jun 7, 2017
    risk 0.44 | cvss 7.8 | epss 0.00

    The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack.

  • CVE-2016-3096 | High | Jun 3, 2016
    risk 0.44 | cvss 7.8 | epss 0.00

    The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path…

  • CVE-2016-8628 | High | Jul 31, 2018
    risk 0.43 | cvss 7.6 | epss 0.03

    Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as.

  • CVE-2024-9902 | Medium | Nov 6, 2024
    risk 0.34 | cvss 6.3 | epss 0.00

    A flaw was found in Ansible. The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the `user` module against the unprivileged user's home…

  • CVE-2017-7528 | Medium | Aug 22, 2018
    risk 0.34 | cvss 5.2 | epss 0.01

    Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 is vulnerable to CRLF injection. It was found that the X-Forwarded-For header allows internal servers to deploy other systems (using callback).

  • CVE-2016-8614 | Medium | Jul 31, 2018
    risk 0.34 | cvss 6.3 | epss 0.02

    A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing a remote adversary to create an OpenPGP key that matches the short key ID and inject this key instead of the correct key.

  • CVE-2024-11079 | Medium | Nov 12, 2024
    risk 0.29 | cvss 5.5 | epss 0.01

    A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly…

  • CVE-2024-8775 | Medium | Sep 14, 2024
    risk 0.29 | cvss 5.5 | epss 0.00

    A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter,…

  • CVE-2016-8647 | Medium | Jul 26, 2018
    risk 0.25 | cvss 4.9 | epss 0.01

    An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed.

  • CVE-2026-11819 | Jun 23, 2026
    risk 0.00 | cvss | epss 0.00

    Module: plugins/modules/keyring_info.py
    CVSS 3.1: 5.5 MEDIUM (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
    Issue: The module retrieves a passphrase from the OS native keyring (GNOME Keyring, macOS Keychain, Windows Credential Manager) and places it directly into…

  • CVE-2025-53862 | Jul 11, 2025
    risk 0.00 | cvss | epss 0.00

    A flaw was found in Ansible. Three API endpoints are accessible and return verbose, unauthenticated responses. This flaw allows a malicious user to access data that may contain important information.

  • CVE-2024-0690 | Feb 6, 2024
    risk 0.00 | cvss | epss 0.00

    An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive…

  • CVE-2020-25636 | Oct 5, 2020
    risk 0.00 | cvss | epss 0.00

    A flaw was found in Ansible Base when using the aws_ssm connection plugin, as there is no namespace separation for file transfers. Files are written directly to the root bucket, making collisions possible when running multiple Ansible processes. This issue affects mainly…

Page 1 of 3