Redhat Ansible
7 CVEs affecting Redhat Ansible. Latest disclosed: 2017-11-21. Critical: 1, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2017-7550 | Critical | 9.8 | 2017-11-21 | A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could… |
CVE-2014-3498 | High | 8.8 | 2017-06-08 | The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary commands. |
CVE-2015-6240 | High | 7.8 | 2017-06-07 | The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack. |
CVE-2016-3096 | High | 7.8 | 2016-06-03 | The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain… |
CVE-2015-3908 | | 2015-08-12 | Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 cert… | |
CVE-2013-4260 | | 2013-09-16 | lib/ansible/playbook/__init__.py in Ansible 1.2.x before 1.2.3, when playbook does not run due to an error, allows local users to overwrite arbitrary files via… | |
CVE-2013-4259 | | 2013-09-16 | runner/connection_plugins/ssh.py in Ansible before 1.2.3, when using ControlPersist, allows local users to redirect a ssh session via a symlink attack on a soc… |