Ansible Security Vulnerabilities and Issues — Ansible CVE List

Lucene search

RedhatAnsible

4 matches found

CVE•added 2019/11/22 1:15 p.m.•276 views

CVE-2019-10206

ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them.

6.5CVSS6.6AI score0.0028EPSS

CVE•added 2020/01/02 3:15 p.m.•276 views

CVE-2019-14864

Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data.

6.5CVSS6.4AI score0.01154EPSS

CVE•added 2019/11/25 4:15 p.m.•217 views

CVE-2019-10217

A flaw was found in ansible 2.8.0 before 2.8.4. Fields managing sensitive data should be set as such by no_log feature. Some of these fields in GCP modules are not set properly. service_account_contents() which is common class for all gcp modules is not setting no_log to True. Any sensitive data ma...

6.5CVSS6.4AI score0.0048EPSS

CVE•added 2019/11/26 2:15 p.m.•207 views

CVE-2019-14856

ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None

6.5CVSS6.3AI score0.00326EPSS