56 matches found

added 2020/02/20 3:15 p.m. | 54 views

CVE-2014-4658

The vault subsystem in Ansible before 1.5.5 does not set the umask before creation or modification of a vault file, which allows local users to obtain sensitive key information by reading a file.

CVSS 5.5 | AI score 5 | EPSS 0.00119

added 2020/01/09 1:15 p.m. | 53 views

CVE-2014-2686

Ansible prior to 1.5.4 mishandles the evaluation of some strings.

CVSS 7.5 | AI score 7.4 | EPSS 0.00376

added 2020/02/18 3:15 p.m. | 52 views

CVE-2014-4966

Ansible before 1.6.7 does not prevent inventory data with "{{" and "lookup" substrings, and does not prevent remote data with "{{" substrings, which allows remote attackers to execute arbitrary code via (1) crafted lookup('pipe') calls or (2) crafted Jinja2 data.

CVSS 9.8 | AI score 9.6 | EPSS 0.04747

added 2013/09/16 7:14 p.m. | 50 views

CVE-2013-4259

runner/connection_plugins/ssh.py in Ansible before 1.2.3, when using ControlPersist, allows local users to redirect an SSH session via a symlink attack on a socket file with a predictable name in /tmp/.

CVSS 1.9 | AI score 7 | EPSS 0.00051

added 2020/02/20 3:15 p.m. | 45 views

CVE-2014-4659

Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "deb http://user:pass@server:port/" format.

CVSS 5.5 | AI score 5 | EPSS 0.00081

added 2017/06/08 6:29 p.m. | 41 views

CVE-2014-3498

The user module in Ansible before 1.6.6 allows remote authenticated users to execute arbitrary commands.

CVSS 8.8 | AI score 8.6 | EPSS 0.00548

Total number of security vulnerabilities: 56