Astra Linux - уязвимость в ansible

A flaw was discovered in Ansible Engine, in ansible-engine 2.8.x before 2.8.15, and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation, even when the disablegpgcheck parameter is set to False—which is the default...

Amazon Linux 2 : ansible (ALASANSIBLE2-2023-005)

The version of ansible installed on the remote host is prior to 2.9.13-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ANSIBLE2-2023-005 advisory. A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when...

K52013062: Ansible Engine vulnerability CVE-2020-14365

Security Advisory Description A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disablegpgcheck is set to False, which is the...

SUSE CVE-2020-14365

A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disablegpgcheck is set to False, which is the default behavior. This flaw...

Mageia: Security Advisory (MGASA-2020-0363)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Improper Verification of Cryptographic Signature in ansible

A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disablegpgcheck is set to False, which is the default behavior. This flaw...

CVE-2020-14365

A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disablegpgcheck is set to False, which is the default behavior. This flaw...

UBUNTU-CVE-2020-14365

A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disablegpgcheck is set to False, which is the default behavior. This flaw...

PYSEC-2020-209

A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disablegpgcheck is set to False, which is the default behavior. This flaw...

CVE-2020-14365

CVE-2020-14365 affects the Ansible Engine (ansible-engine 2.8.x before 2.8.15; 2.9.x before 2.9.13). When using the dnf module, GPG signatures are ignored during installation if disable_gpg_check is False, allowing potentially malicious packages to be installed and their installation scripts to e...

Updated ansible package fixes security vulnerabilities

An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri...

PT-2020-6578 · Red Hat +2 · Ansible Engine +2

Name of the Vulnerable Software and Affected Versions: Ansible Engine versions 2.8.x through 2.8.14 Ansible Engine versions 2.9.x through 2.9.12 Description: A flaw was found in the Ansible Engine when installing packages using the dnf module. GPG signatures are ignored during installation even...

ansible: dnf module install packages with no GPG signature

A flaw was found in the Ansible Engine when installing packages using the dnf module. GPG signatures are ignored during installation even when disablegpgcheck is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code...

Important: Red Hat Security Advisory: Ansible security and bug fix update (2.9.13)

An update for ansible is now available for Ansible Engine 2 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link...

Important: Red Hat Security Advisory: Ansible security and bug fix update (2.8.15)

An update for ansible is now available for Ansible Engine 2.8 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

Man-in-the-Middle (MitM)

ansible is vulnerable to man-in-the-middle MitM. The vulnerability exists as the dnf module does not perform validation of GPG signatures during the installation of packages...