Lucene search

Ansible Security Vulnerabilities - November 2019

cve

CVE-2019-10206

ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them.

6.5CVSS

6.6AI Score

0.002EPSS

2019-11-22 01:15 PM

249

cve

CVE-2019-10217

A flaw was found in ansible 2.8.0 before 2.8.4. Fields managing sensitive data should be set as such by no_log feature. Some of these fields in GCP modules are not set properly. service_account_contents() which is common class for all gcp modules is not setting no_log to True. Any sensitive data ma...

6.5CVSS

6.4AI Score

0.002EPSS

2019-11-25 04:15 PM

201

cve

CVE-2019-14856

ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None

6.5CVSS

6.3AI Score

0.001EPSS

2019-11-26 02:15 PM

185