PT-2020-12307 · Ansible +3 · Ansible Tower +5

Name of the Vulnerable Software and Affected Versions: Ansible Engine versions prior to 2.9.9 Ansible Tower versions prior to 3.6.4 Description: The issue is related to an insecure temporary directory when running become user from the become directive. The provided fix is insufficient to prevent ...

CVE-2018-16859

Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the plaintext passwor...