Ansible@2.7.0 Security Vulnerabilities and Issues — Ansible@2.7.0 CVE List

Lucene search

RedhatAnsible2.7.0

5 matches found

CVE•added 2019/11/22 1:15 p.m.•280 views

CVE-2019-10206

ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them.

6.5CVSS6.6AI score0.00214EPSS

CVE•added 2019/03/27 1:29 p.m.•275 views

CVE-2019-3828

Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.

4.2CVSS4.7AI score0.00039EPSS

CVE•added 2019/01/03 3:29 p.m.•260 views

CVE-2018-16876

ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.

5.3CVSS5AI score0.01032EPSS

CVE•added 2019/11/26 2:15 p.m.•211 views

CVE-2019-14856

ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None

6.5CVSS6.3AI score0.00365EPSS

CVE•added 2019/07/30 11:15 p.m.•195 views

CVE-2019-10156

A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be dis...

5.5CVSS5.7AI score0.0063EPSS