Redhat Ansible

59 matches found

added 2020/10/05 2:15 p.m., 57 views

CVE-2020-25635

A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. This issue affects directly data confidentiality.

CVSS 5.5, AI score 5.5, EPSS 0.00136

added 2020/02/18 3:15 p.m., 56 views

CVE-2014-4967

Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a trailing " temp=" clause, or (3) a t...

CVSS 9.8, AI score 9.7, EPSS 0.04747

added 2020/10/05 1:15 p.m., 56 views

CVE-2020-25636

A flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace separation for file transfers. Files are written directly to the root bucket, making possible to have collisions when running multiple ansible processes. This issue affects mainly the service availabi...

CVSS 7.1, AI score 6.7, EPSS 0.00129

added 2020/02/20 3:15 p.m., 54 views

CVE-2014-4658

The vault subsystem in Ansible before 1.5.5 does not set the umask before creation or modification of a vault file, which allows local users to obtain sensitive key information by reading a file.

CVSS 5.5, AI score 5, EPSS 0.00119

added 2020/01/09 1:15 p.m., 53 views

CVE-2014-2686

Ansible prior to 1.5.4 mishandles the evaluation of some strings.

CVSS 7.5, AI score 7.4, EPSS 0.00376

added 2020/02/18 3:15 p.m., 52 views

CVE-2014-4966

Ansible before 1.6.7 does not prevent inventory data with "{{" and "lookup" substrings, and does not prevent remote data with "{{" substrings, which allows remote attackers to execute arbitrary code via (1) crafted lookup('pipe') calls or (2) crafted Jinja2 data.

CVSS 9.8, AI score 9.6, EPSS 0.04747

added 2013/09/16 7:14 p.m., 50 views

CVE-2013-4259

runner/connection_plugins/ssh.py in Ansible before 1.2.3, when using ControlPersist, allows local users to redirect a ssh session via a symlink attack on a socket file with a predictable name in /tmp/.

CVSS 1.9, AI score 7, EPSS 0.00051

added 2020/02/20 3:15 p.m., 45 views

CVE-2014-4659

Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "deb http://user:pass@server:port/" format.

CVSS 5.5, AI score 5, EPSS 0.00081

added 2017/06/08 6:29 p.m., 41 views

CVE-2014-3498

The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary commands.

CVSS 8.8, AI score 8.6, EPSS 0.00548

Total number of security vulnerabilities: 59