VYPR

Ansible

by Red Hat

pypi: ansible

CVEs (50)

  • CVE-2019-10206 (Nov 22, 2019)
    risk 0.00 | cvss | epss 0.01

    ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger…

  • CVE-2019-14858 (Oct 14, 2019)
    risk 0.00 | cvss | epss 0.00

    A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name to the module will cause the task to fail before the no_log options in the sub…

  • CVE-2019-14846 (Oct 8, 2019)
    risk 0.00 | cvss | epss 0.01

    In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which led to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not…

  • CVE-2019-10156 (Jul 30, 2019)
    risk 0.00 | cvss | epss 0.02

    A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any…

  • CVE-2019-3828 (Mar 27, 2019)
    risk 0.00 | cvss | epss 0.01

    Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.

  • CVE-2018-16876 (Jan 3, 2019)
    risk 0.00 | cvss | epss 0.02

    Ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to an information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensitive data.

  • CVE-2018-16859 (Nov 29, 2018)
    risk 0.00 | cvss | epss 0.01

    Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the…

  • CVE-2015-3908 (Aug 12, 2015)
    risk 0.00 | cvss | epss 0.01

    Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

  • CVE-2013-4260 (Sep 16, 2013)
    risk 0.00 | cvss | epss 0.00

    lib/ansible/playbook/__init__.py in Ansible 1.2.x before 1.2.3, when playbook does not run due to an error, allows local users to overwrite arbitrary files via a symlink attack on a retry file with a predictable name in /var/tmp/ansible/.

  • CVE-2013-4259 (Sep 16, 2013)
    risk 0.00 | cvss | epss 0.00

    runner/connection_plugins/ssh.py in Ansible before 1.2.3, when using ControlPersist, allows local users to redirect a ssh session via a symlink attack on a socket file with a predictable name in /tmp/.

Page 3 of 3