Ansible Engine@2.0 Security Vulnerabilities and Issues — Ansible Engine@2.0 CVE List

Lucene search

RedhatAnsible Engine2.0

8 matches found

CVE•added 2018/03/13 6:29 p.m.•387 views

CVE-2018-7750

transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demo...

9.8CVSS9.4AI score0.22204EPSS

CVE•added 2019/01/03 3:29 p.m.•256 views

CVE-2018-16876

ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.

5.3CVSS5AI score0.01032EPSS

CVE•added 2018/07/03 1:29 a.m.•248 views

CVE-2018-10855

Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on th...

5.9CVSS5.7AI score0.02523EPSS

CVE•added 2018/07/13 10:29 p.m.•248 views

CVE-2018-10875

A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.

7.8CVSS7.7AI score0.00062EPSS

CVE•added 2018/10/23 3:29 p.m.•247 views

CVE-2018-16837

Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those credentials in clear text form for every user which have access just to ...

7.8CVSS5.4AI score0.00041EPSS

CVE•added 2019/10/08 7:15 p.m.•241 views

CVE-2019-14846

In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible module...

7.8CVSS7.3AI score0.00086EPSS

CVE•added 2018/07/02 1:29 p.m.•155 views

CVE-2018-10874

In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result.

7.8CVSS7.8AI score0.00061EPSS

CVE•added 2021/04/29 4:15 p.m.•154 views

CVE-2021-20228

A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability ...

7.5CVSS7AI score0.00113EPSS