62 matches found
Path Traversal in Ansible
A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable...
MGASA-2020-0217 Updated ansible packages fix security vulnerabilities
Updated ansible package fixes security vulnerabilities: A race condition flaw was found in Ansible Engine when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with...
ansible: path injection on dest parameter in fetch module
A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node...
ansible: path injection on dest parameter in fetch module
A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node...
ansible: path injection on dest parameter in fetch module
A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node...
ansible: path injection on dest parameter in fetch module
A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node...
DEBIAN-CVE-2020-1735
A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable...
CVE-2020-1735
A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable...
CVE-2020-1735
A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable...
PYSEC-2020-7
A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable...
PYSEC-2020-7
A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable...
CVE-2020-1735
A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable...
Design/Logic Flaw
A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable...
CVE-2020-1735
CVE-2020-1735 is a vulnerability in the Ansible Engine where the fetch module can be intercepted, enabling an attacker to inject a new path and choose a different destination path on the controller. The issue affects all 2.7.x, 2.8.x and 2.9.x branches. Connected advisories confirm multiple vendo...
CVE-2020-1735
A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable...
CVE-2020-1735
A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable...
PT-2020-6580
Name of the Vulnerable Software and Affected Versions Ansible Engine versions 2.7.x through 2.9.x Description A flaw was found in the Ansible Engine when the fetch module is used, allowing an attacker to intercept the module, inject a new path, and choose a new destination path on the controller...
CVE-2020-1735
A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. Mitigation Currently, there is no mitigation for this issue except avoid using the affected fetch module...
Ansible: path traversal in the fetch module
A path traversal flaw was found in ansible. The fetch module allows copying and overwriting files outside of the specified destination in the local ansible controller host by not restricting an absolute path. The main threat from this vulnerability is to data confidentiality and integrity...
USN-4072-1 ansible vulnerabilities
It was discovered that Ansible failed to properly handle sensitive information. A local attacker could use those vulnerabilities to extract them. CVE-2017-7481 CVE-2018-10855 CVE-2018-16837 CVE-2018-16876 CVE-2019-10156 It was discovered that Ansible could load configuration files from the curren...