Ansible@2.7.0 Security Vulnerabilities and Issues — Ansible@2.7.0 CVE List

Lucene search

RedhatAnsible2.7.0

8 matches found

CVE•added 2019/11/22 1:15 p.m.•280 views

CVE-2019-10206

ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them.

6.5CVSS6.6AI score0.00214EPSS

CVE•added 2020/01/02 3:15 p.m.•280 views

CVE-2019-14864

Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data.

6.5CVSS6.4AI score0.00935EPSS

CVE•added 2019/03/27 1:29 p.m.•275 views

CVE-2019-3828

Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.

4.2CVSS4.7AI score0.00039EPSS

CVE•added 2019/01/03 3:29 p.m.•261 views

CVE-2018-16876

ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.

5.3CVSS5AI score0.01032EPSS

CVE•added 2019/11/26 2:15 p.m.•211 views

CVE-2019-14856

ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None

6.5CVSS6.3AI score0.00365EPSS

CVE•added 2019/07/30 11:15 p.m.•195 views

CVE-2019-10156

A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be dis...

5.5CVSS5.7AI score0.0063EPSS

CVE•added 2020/03/24 2:15 p.m.•174 views

CVE-2020-10684

A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker could take advantag...

7.9CVSS7.1AI score0.00023EPSS

CVE•added 2020/05/15 2:15 p.m.•138 views

CVE-2020-10744

An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9.9...

5CVSS5.8AI score0.00038EPSS