Ansible Security Vulnerabilities and Issues — Ansible CVE List

Lucene search

RedhatAnsible

10 matches found

CVE•added 2020/08/26 3:15 a.m.•274 views

CVE-2019-14904

A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the nam...

7.3CVSS7.3AI score0.0004EPSS

CVE•added 2022/10/28 4:15 p.m.•221 views

CVE-2022-3697

A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.

7.5CVSS7.2AI score0.0011EPSS

CVE•added 2020/03/24 2:15 p.m.•174 views

CVE-2020-10684

A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker could take advantag...

7.9CVSS7.1AI score0.00023EPSS

CVE•added 2023/12/12 10:15 p.m.•141 views

CVE-2023-5764

A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data.

7.8CVSS7.1AI score0.00071EPSS

CVE•added 2016/06/03 2:59 p.m.•122 views

CVE-2016-3096

The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-att...

7.8CVSS7.4AI score0.00077EPSS

CVE•added 2018/07/31 9:29 p.m.•85 views

CVE-2016-8614

A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key.

7.5CVSS7.3AI score0.00079EPSS

CVE•added 2017/06/07 8:29 p.m.•68 views

CVE-2015-6240

The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack.

7.8CVSS7.2AI score0.00029EPSS

CVE•added 2018/05/04 8:29 p.m.•67 views

CVE-2013-2233

Ansible before 1.2.1 makes it easier for remote attackers to conduct man-in-the-middle attacks by leveraging failure to cache SSH host keys.

7.4CVSS7.2AI score0.00369EPSS

CVE•added 2020/10/05 1:15 p.m.•58 views

CVE-2020-25636

A flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace separation for file transfers. Files are written directly to the root bucket, making possible to have collisions when running multiple ansible processes. This issue affects mainly the service availabi...

7.1CVSS6.7AI score0.00129EPSS

CVE•added 2020/01/09 1:15 p.m.•54 views

CVE-2014-2686

Ansible prior to 1.5.4 mishandles the evaluation of some strings.

7.5CVSS7.4AI score0.00376EPSS