
20 matches found

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2018-0015

Malware in sbrugna...

CVSS 5.9 | AI score 6.8 | EPSS 0.03088
Exploits: 0 | References: 19

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-0007

Malware in sbrugna...

CVSS 6.5 | AI score 6.7 | EPSS 0.01857
Exploits: 1 | References: 23

Tenable Nessus
added 2025/03/04 12:0 a.m. | 9 views

Linux Distros Unpatched Vulnerability : CVE-2018-10855

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the nolog task flag for failed tasks. When the nolog flag has been used to protect sensitive da...

CVSS 5.9 | AI score 7.1 | EPSS 0.03088
Exploits: 0 | References: 1

Tenable Nessus
added 2025/03/04 12:0 a.m. | 11 views

Linux Distros Unpatched Vulnerability : CVE-2017-7481

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup calls, th...

CVSS 9.8 | AI score 7.1 | EPSS 0.04617
Exploits: 0 | References: 1

vulnersOsv
added 2023/11/15 12:31 a.m. | 6 views

galaxy-ng (>=4.2.0 <=4.4.5), pulp-ansible (>=0.2.0 <=0.6.2) potentially affected by CVE-2023-5189 via galaxy-importer (>=0.1.1 <=0.4.0)

galaxy-importer PYPI version =0.1.1, =4.2.0, =0.2.0, =0.6.2 Source cves: CVE-2023-5189 Source advisory: OSV:GHSA-55G2-VM3Q-7W52...

CVSS 6.5 | AI score 6.4 | EPSS 0.00834
Exploits: 1

OSV
added 2021/04/29 4:15 p.m. | 7 views

AZL-6304 CVE-2021-20228 affecting package ansible for versions less than 2.12.1-1

A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the nolog feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability...

CVSS 7.5 | AI score 7.1 | EPSS 0.02043
Exploits: 0 | References: 1

PyPA
added 2020/08/26 3:15 a.m. | 5 views

PYSEC-2020-161

A flaw was found in the solariszone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the na...

CVSS 7.3 | AI score 7.1 | EPSS 0.00418
Exploits: 0 | References: 4 | Affected Software: 1

UbuntuCve
added 2020/05/12 6:15 p.m. | 26 views

CVE-2020-1746

A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldapattr and ldapentry community modules are used. The issue...

CVSS 5 | AI score 6.7 | EPSS 0.00406
Exploits: 0 | References: 3

OSV
added 2020/01/02 3:15 p.m. | 1 views

DEBIAN-CVE-2019-14864

Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag nolog set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data...

CVSS 6.5 | AI score 6.7 | EPSS 0.01857
Exploits: 1 | References: 1

OSV
added 2019/11/26 2:15 p.m. | 28 views

CVE-2019-14856

ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None...

CVSS 6.5 | AI score 6.3 | EPSS 0.01649
Exploits: 0 | References: 4

OSV
added 2019/10/08 7:15 p.m. | 2 views

PYSEC-2019-4

In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible...

CVSS 7.8 | AI score 6.7 | EPSS 0.00509
Exploits: 0 | References: 12

Positive Technologies
added 2019/07/23 12:0 a.m. | 5 views

PT-2019-5285

Name of the Vulnerable Software and Affected Versions Ansible versions 2.6.x through 2.6.18 Ansible versions 2.7.x through 2.7.12 Ansible versions 2.8.x through 2.8.3 Description The issue is related to insufficient input validation in the Ansible configuration management system. This could allow...

CVSS 7.1 | AI score 7.8 | EPSS 0.01503
Exploits: 0 | References: 190

ATTACKERKB
added 2019/01/03 3:29 p.m. | 4 views

CVE-2018-16876

ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with nolog on that can lead to leakage of sensible data...

CVSS 5.3 | AI score 5.5 | EPSS 0.02462
Exploits: 0 | References: 16 | Affected Software: 1

OSV
added 2018/07/19 1:29 p.m. | 3 views

DEBIAN-CVE-2017-7481

Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2...

CVSS 9.8 | AI score 7.5 | EPSS 0.04617
Exploits: 0 | References: 1

RedHat Linux
added 2018/07/12 1:14 p.m. | 5 views

ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs

Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the nolog task flag for failed tasks. When the nolog flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on th...

CVSS 5.9 | AI score 7.2 | EPSS 0.03088
Exploits: 0 | References: 5

RedHat Linux
added 2018/06/28 5:21 a.m. | 1 views

ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs

Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the nolog task flag for failed tasks. When the nolog flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on th...

CVSS 5.9 | AI score 7.2 | EPSS 0.03088
Exploits: 0 | References: 5

RedHat Linux
added 2018/06/19 7:27 p.m. | 3 views

ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs

Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the nolog task flag for failed tasks. When the nolog flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on th...

CVSS 5.9 | AI score 7.2 | EPSS 0.03088
Exploits: 0 | References: 5

OSV
added 2018/05/04 8:29 p.m. | 1 views

DEBIAN-CVE-2013-2233

Ansible before 1.2.1 makes it easier for remote attackers to conduct man-in-the-middle attacks by leveraging failure to cache SSH host keys...

CVSS 7.4 | AI score 6.8 | EPSS 0.01963
Exploits: 0 | References: 1

OSV
added 2018/04/24 4:29 p.m. | 4 views

UBUNTU-CVE-2016-9587

Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute...

CVSS 8.1 | AI score 7.4 | EPSS 0.1765
Exploits: 5 | References: 2

OSV
added 2017/11/21 5:29 p.m. | 4 views

DEBIAN-CVE-2017-7550

A flaw was found in the way Ansible 2.3.x before 2.3.3, and 2.4.x before 2.4.1 passed certain parameters to the jenkinsplugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in th...

CVSS 9.8 | AI score 7.9 | EPSS 0.0353
Exploits: 0 | References: 1