Lucene search
+L

22 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Ansible

A flaw was discovered in Ansible Engine. This flaw occurs in all versions of Ansible Engine from 2.7.x, 2.8.x, and 2.9.x, up to 2.7.17, 2.8.9, and 2.9.6. The issue arises when using ansiblefacts as a subkey of itself and promoting it to a variable when inject is enabled. After a clean operation,...

7.9CVSS6.9AI score0.00345EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-0003

Malware in sbrugna...

3.9CVSS6.9AI score0.00381EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2025/08/08 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2020-10684

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansiblefacts as a subkey of...

7.9CVSS7AI score0.00345EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2023/08/21 5:7 p.m.74 views

Moderate: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update

An update is now available for Red Hat Ansible Automation Platform 2.4 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

7.5CVSS6.7AI score0.62575EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:0 a.m.5 views

SUSE CVE-2020-10684

A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansiblefacts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansiblefacts after the clean. An attacker could take advantag...

7.1CVSS9.1AI score0.00345EPSS
Exploits0References6
OSV
OSV
added 2021/04/07 8:37 p.m.10 views

GHSA-P62G-JHG6-V3RQ Code Injection, Race Condition, and Execution with Unnecessary Privileges in Ansible

A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.11, and 2.9.7 respectively, when using ansiblefacts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansiblefacts after the clean. An attacker could take...

7.1CVSS6.9AI score0.00345EPSS
Exploits0References14
RedHat Linux
RedHat Linux
added 2020/04/22 2:11 p.m.11 views

Ansible: code injection when using ansible_facts as a subkey

A flaw was found in the Ansible Engine. When using ansiblefacts as a subkey of itself, and promoting it to a variable when injecting is enabled, overwriting the ansiblefacts after the clean, an attacker could take advantage of this by altering the ansiblefacts leading to privilege escalation or...

7.9CVSS7.2AI score0.00345EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/04/22 2:11 p.m.6 views

Ansible: code injection when using ansible_facts as a subkey

A flaw was found in the Ansible Engine. When using ansiblefacts as a subkey of itself, and promoting it to a variable when injecting is enabled, overwriting the ansiblefacts after the clean, an attacker could take advantage of this by altering the ansiblefacts leading to privilege escalation or...

7.9CVSS7.2AI score0.00345EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/04/22 2:10 p.m.6 views

Ansible: code injection when using ansible_facts as a subkey

A flaw was found in the Ansible Engine. When using ansiblefacts as a subkey of itself, and promoting it to a variable when injecting is enabled, overwriting the ansiblefacts after the clean, an attacker could take advantage of this by altering the ansiblefacts leading to privilege escalation or...

7.9CVSS7.2AI score0.00345EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/04/22 2:10 p.m.7 views

Ansible: code injection when using ansible_facts as a subkey

A flaw was found in the Ansible Engine. When using ansiblefacts as a subkey of itself, and promoting it to a variable when injecting is enabled, overwriting the ansiblefacts after the clean, an attacker could take advantage of this by altering the ansiblefacts leading to privilege escalation or...

7.9CVSS7.2AI score0.00345EPSS
Exploits0References4
OSV
OSV
added 2020/03/24 2:15 p.m.3 views

DEBIAN-CVE-2020-10684

A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansiblefacts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansiblefacts after the clean. An attacker could take advantag...

7.1CVSS7.4AI score0.00345EPSS
Exploits0References1
PyPA
PyPA
added 2020/03/24 2:15 p.m.7 views

PYSEC-2020-207

A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansiblefacts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansiblefacts after the clean. An attacker could take advantag...

7.9CVSS6.9AI score0.00345EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2020/03/24 2:15 p.m.2 views

PYSEC-2020-207

A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansiblefacts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansiblefacts after the clean. An attacker could take advantag...

7.9CVSS6.9AI score0.00345EPSS
Exploits0References6
NVD
NVD
added 2020/03/16 4:15 p.m.15 views

CVE-2020-1738

A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branch...

3.9CVSS5.5AI score0.00381EPSS
Exploits0References3
OSV
OSV
added 2020/03/16 4:15 p.m.17 views

CVE-2020-1738

A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branch...

3.9CVSS4AI score0.00381EPSS
Exploits0References3
OSV
OSV
added 2020/03/16 4:15 p.m.7 views

PYSEC-2020-10

A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branch...

3.9CVSS6.7AI score0.00381EPSS
Exploits0References4
OSV
OSV
added 2020/03/03 10:15 p.m.24 views

CVE-2020-1734

A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by...

7.4CVSS7.5AI score0.00444EPSS
Exploits0References2
OSV
OSV
added 2020/03/03 10:15 p.m.14 views

PYSEC-2020-6

A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by...

7.4CVSS6.8AI score0.00444EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2020/03/03 9:23 p.m.97 views

CVE-2020-1734

A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by...

7.4CVSS7AI score0.00444EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2020/02/18 2:30 p.m.20 views

CVE-2020-1738

A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. Mitigation Specify the parameter use when...

3.9CVSS4.1AI score0.00381EPSS
Exploits0References3
Rows per page
Query Builder