Lucene search
+L

301 matches found

OSV
OSV
added 2024/09/16 3:34 a.m.13 views

RHBA-2020:0784 Red Hat Bug Fix Advisory: Ansible 2.9.6 release for Ansible Engine 2.9

Bulletin has no description...

5CVSS5.6AI score0.00435EPSS
Exploits1References7
OSV
OSV
added 2024/09/13 6:9 p.m.17 views

RHBA-2020:4195 Red Hat Bug Fix Advisory: Ansible 2.8.16 release for Ansible Engine 2.8

Bulletin has no description...

5CVSS6.3AI score0.00506EPSS
Exploits1References6
VulnCheck KEV
VulnCheck KEV
added 2024/05/10 12:0 a.m.5 views

VulnCheck KEV: CVE-2020-10684

A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansiblefacts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansiblefacts after the clean. An attacker could take...

7.9CVSS6.9AI score0.00345EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2023/09/27 12:0 a.m.27 views

Amazon Linux 2 : ansible (ALASANSIBLE2-2023-009)

The version of ansible installed on the remote host is prior to 2.9.5-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ANSIBLE2-2023-009 advisory. A flaw was found in the solariszone module from the Ansible Community modules. When setting the name for the zone o...

7.3CVSS7.2AI score0.00736EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2023/09/27 12:0 a.m.37 views

Amazon Linux 2 : ansible (ALASANSIBLE2-2023-006)

The version of ansible installed on the remote host is prior to 2.9.12-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ANSIBLE2-2023-006 advisory. An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive da...

5.5CVSS7AI score0.00568EPSS
Exploits2References8
Amazon
Amazon
added 2023/09/25 12:0 a.m.8 views

Important: ansible

Issue Overview: A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disablegpgcheck is set to False, which is the default...

7.1CVSS7.4AI score0.00233EPSS
Exploits0
Amazon
Amazon
added 2023/09/25 12:0 a.m.5 views

Important: ansible

Issue Overview: A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansiblefacts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansiblefacts after the clean. An attacker cou...

7.9CVSS7.4AI score0.00506EPSS
Exploits3
F5 Networks
F5 Networks
added 2023/02/21 7:48 p.m.35 views

K52013062: Ansible Engine vulnerability CVE-2020-14365

Security Advisory Description A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disablegpgcheck is set to False, which is the...

7.1CVSS8.1AI score0.00233EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 4:9 a.m.4 views

SUSE CVE-2019-14846

In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible...

2.3CVSS8.8AI score0.00509EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 4:9 a.m.3 views

SUSE CVE-2019-14858

A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argumentspec with sub parameters marked as nolog, passing an invalid parameter name to the module will cause the task to fail before the nolog options in the sub parameters are processe...

2.3CVSS9AI score0.00427EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 4:9 a.m.5 views

SUSE CVE-2019-14905

A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxosfilecopy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS...

7.2CVSS9.2AI score0.00736EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 4:9 a.m.4 views

SUSE CVE-2019-14904

A flaw was found in the solariszone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the na...

7.2CVSS9.2AI score0.00418EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 4:4 a.m.3 views

SUSE CVE-2020-1733

A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with "umask...

5CVSS9.1AI score0.004EPSS
Exploits1References8
SUSE CVE
SUSE CVE
added 2023/02/15 4:4 a.m.3 views

SUSE CVE-2020-1736

A flaw was found in Ansible Engine when a file is moved using atomicmove primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions...

2.2CVSS8.9AI score0.00401EPSS
Exploits1References6
SUSE CVE
SUSE CVE
added 2023/02/15 4:4 a.m.5 views

SUSE CVE-2020-1738

A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branch...

5CVSS8.8AI score0.00381EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 4:4 a.m.4 views

SUSE CVE-2020-1735

A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable...

4.2CVSS8.8AI score0.00487EPSS
Exploits1References6
SUSE CVE
SUSE CVE
added 2023/02/15 4:4 a.m.4 views

SUSE CVE-2020-1746

A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldapattr and ldapentry community modules are used. The issue...

5CVSS9AI score0.00406EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 4:4 a.m.4 views

SUSE CVE-2020-1753

A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. Sensitive parameters such as passwords and tokens are passed to kubectl...

5.5CVSS9.2AI score0.00506EPSS
Exploits1References7
SUSE CVE
SUSE CVE
added 2023/02/15 4:0 a.m.5 views

SUSE CVE-2020-10684

A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansiblefacts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansiblefacts after the clean. An attacker could take advantag...

7.1CVSS9.1AI score0.00345EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 4:0 a.m.4 views

SUSE CVE-2020-10685

A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchiv...

5CVSS8.9AI score0.00376EPSS
Exploits0References6
Rows per page
Query Builder