Redhat Ansible_engine
25 CVEs affecting Redhat Ansible_engine. Latest disclosed: 2022-03-03. Critical: 2, High: 9.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2017-7481 | Critical | 9.8 | 2018-07-19 | Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls… |
| CVE-2018-7750 | Critical | 9.8 | 2018-03-13 | transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3… |
| CVE-2019-14846 | High | 7.8 | 2019-10-08 | In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to… |
| CVE-2018-16837 | High | 7.8 | 2018-10-23 | Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. This could lead to undesirable situations such as passphrases credentials… |
| CVE-2018-10875 | High | 7.8 | 2018-07-13 | A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under th… |
| CVE-2018-10874 | High | 7.8 | 2018-07-02 | In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allo… |
| CVE-2021-20228 | High | 7.5 | 2021-04-29 | A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-opti… |
| CVE-2020-1737 | High | 7.5 | 2020-03-09 | A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extract… |
| CVE-2020-1734 | High | 7.4 | 2020-03-03 | A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by o… |
| CVE-2021-3583 | High | 7.1 | 2021-09-22 | A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user… |
| CVE-2020-14365 | High | 7.1 | 2020-09-23 | A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf mo… |
| CVE-2018-10855 | Medium | 5.9 | 2018-07-03 | Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive… |
| CVE-2019-14905 | Medium | 5.6 | 2020-03-31 | A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy… |
| CVE-2021-3620 | Medium | 5.5 | 2022-03-03 | A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the… |
| CVE-2020-10729 | Medium | 5.5 | 2021-05-27 | A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template… |
| CVE-2020-14332 | Medium | 5.5 | 2020-09-11 | A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed… |
| CVE-2019-14858 | Medium | 5.5 | 2019-10-14 | A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argument_spec with sub parameters marked as no_… |
| CVE-2018-16876 | Medium | 5.3 | 2019-01-03 | ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to an information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible d… |
| CVE-2020-10691 | Medium | 5.2 | 2020-04-30 | An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When extracting a coll… |
| CVE-2020-14330 | Medium | 5.0 | 2020-09-11 | An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. Thi… |