Ansible@* Security Vulnerabilities and Issues — Ansible@* CVE List

Lucene search

RedhatAnsible*

8 matches found

CVE•added 2019/11/22 1:15 p.m.•276 views

CVE-2019-10206

ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them.

6.5CVSS6.6AI score0.0028EPSS

CVE•added 2019/03/27 1:29 p.m.•269 views

CVE-2019-3828

Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.

4.2CVSS4.7AI score0.00043EPSS

CVE•added 2019/01/03 3:29 p.m.•256 views

CVE-2018-16876

ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.

5.3CVSS5AI score0.01032EPSS

CVE•added 2019/10/08 7:15 p.m.•241 views

CVE-2019-14846

In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible module...

7.8CVSS7.3AI score0.00086EPSS

CVE•added 2019/10/14 3:15 p.m.•230 views

CVE-2019-14858

A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name to the module will cause the task to fail before the no_log options in the sub parameters are process...

7.3CVSS5.4AI score0.0004EPSS

CVE•added 2019/11/25 4:15 p.m.•217 views

CVE-2019-10217

A flaw was found in ansible 2.8.0 before 2.8.4. Fields managing sensitive data should be set as such by no_log feature. Some of these fields in GCP modules are not set properly. service_account_contents() which is common class for all gcp modules is not setting no_log to True. Any sensitive data ma...

6.5CVSS6.4AI score0.0048EPSS

CVE•added 2019/11/26 2:15 p.m.•207 views

CVE-2019-14856

ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None

6.5CVSS6.3AI score0.00326EPSS

CVE•added 2019/07/30 11:15 p.m.•189 views

CVE-2019-10156

A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be dis...

5.5CVSS5.7AI score0.00524EPSS