77 matches found
EUVD-2026-38604
Module: plugins/modules/keyringinfo.py CVSS 3.1: 5.5 MEDIUM — AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Issue: The module retrieves a passphrase from the OS native keyring GNOME Keyring, macOS Keychain, Windows Credential Manager and places it directly into result"passphrase" with no output suppression...
CVE-2026-11819
The CVE-2026-11819 issue affects the Ansible community.general keyring_info module. The module reads a passphrase from the OS keyring and writes it directly to result["passphrase"] without output suppression. Root cause shows protected input variable (line with no_log=True) but unprotected output...
CVE-2026-11820
A flaw was found in the community.general Ansible collection's nexmo module. The module constructs HTTP requests to the Vonage/Nexmo SMS API by encoding API credentials apikey and apisecret into URL query parameters and sending them via GET requests. This causes credentials to be exposed in web...
Astra Linux – Vulnerability in Ansible
A vulnerability was discovered in Ansible Engine 2.x up to 2.8, and in Ansible Tower 3.x up to 3.5. When a module has an argumentspec with sub parameters marked as nolog, passing an invalid parameter name to the module will cause the task to fail before the nolog options in the sub parameters are...
EUVD-2020-3129
Malware in sbrugna...
EUVD-2018-4517
Malware in sbrugna...
EUVD-2021-0004
Malware in sbrugna...
EUVD-2019-0002
Malware in sbrugna...
EUVD-2020-0007
Malware in sbrugna...
EUVD-2019-0007
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2019-14858
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argumentspec with sub parameters marked as nolog...
Linux Distros Unpatched Vulnerability : CVE-2021-3447
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well...
Medium: ansible-core
Issue Overview: A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as includevars to load vaulted variables without setting the nolog: true parameter, resulting in...
Exposure Of Sensitive Information In Log Files
Ansible is vulnerable to Exposure of Sensitive Information in Log Files. The vulnerability is caused due to insufficient protection of sensitive data when the nolog: true parameter is omitted while loading vaulted variables, allowing sensitive information, such as passwords or API keys, to be...
CVE-2024-8775
A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as includevars to load vaulted variables without setting the nolog: true parameter, resulting in sensitive data...
CVE-2024-8775
A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as includevars to load vaulted variables without setting the nolog: true parameter, resulting in sensitive data...
CVE-2024-8775 Ansible-core: exposure of sensitive information in ansible vault files due to improper logging
A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as includevars to load vaulted variables without setting the nolog: true parameter, resulting in sensitive data...
CVE-2024-8775 Ansible-core: exposure of sensitive information in ansible vault files due to improper logging
A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as includevars to load vaulted variables without setting the nolog: true parameter, resulting in sensitive data...
CVE-2024-8775
A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as includevars to load vaulted variables without setting the nolog: true parameter, resulting in sensitive data...
CVE-2024-8775
A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as includevars to load vaulted variables without setting the nolog: true parameter, resulting in sensitive data...