Vulnerabilities > Redhat > Ansible Engine > 2.8.0

DATE CVE VULNERABILITY TITLE RISK
2020-03-09 CVE-2020-1737 Path Traversal vulnerability in Redhat Ansible Tower
A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder.
local
low complexity
redhat CWE-22
7.8
2019-10-14 CVE-2019-14858 Information Exposure Through Log Files vulnerability in Redhat Ansible Engine
A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5.
local
low complexity
redhat CWE-532
5.5
2019-10-08 CVE-2019-14846 In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level.
local
low complexity
redhat debian opensuse
7.8