Vulnerabilities > Redhat > Ansible

DATE CVE VULNERABILITY TITLE RISK
2024-02-06 CVE-2024-0690 Improper Encoding or Escaping of Output vulnerability in multiple products
An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios.
local
low complexity
redhat fedoraproject CWE-116
5.5
2023-12-12 CVE-2023-5764 A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data.
local
low complexity
redhat fedoraproject
7.8
2022-10-28 CVE-2022-3697 Unspecified vulnerability in Redhat Ansible and Ansible Collection
A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module.
network
low complexity
redhat
7.5
2022-03-16 CVE-2021-20180 Information Exposure Through Log Files vulnerability in Redhat Ansible
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module.
local
low complexity
redhat CWE-532
5.5
2021-05-26 CVE-2021-20191 A flaw was found in ansible.
local
low complexity
oracle redhat
5.5
2021-05-26 CVE-2021-20178 A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module.
local
low complexity
redhat fedoraproject
5.5
2021-04-01 CVE-2021-3447 A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode.
local
low complexity
redhat fedoraproject
5.5
2020-10-05 CVE-2020-25635 Improper Cross-boundary Removal of Sensitive Data vulnerability in Redhat Ansible 2.10.1
A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed.
local
low complexity
redhat CWE-212
5.5
2020-10-05 CVE-2020-25636 Files or Directories Accessible to External Parties vulnerability in Redhat Ansible 2.10.1
A flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace separation for file transfers.
local
low complexity
redhat CWE-552
7.1
2020-08-26 CVE-2019-14904 A flaw was found in the solaris_zone module from the Ansible Community modules.
local
low complexity
redhat debian
7.3