Vulnerabilities > Redhat > Ansible Engine > 2.9.6

DATE CVE VULNERABILITY TITLE RISK
2022-03-03 CVE-2021-3620 Unspecified vulnerability in Redhat products
A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message.
local
low complexity
redhat
5.5
5.5
2021-09-22 CVE-2021-3583 Code Injection vulnerability in Redhat Ansible Automation Platform and Ansible Tower
A flaw was found in Ansible, where a user's controller is vulnerable to template injection.
local
low complexity
redhat CWE-94
7.1
7.1
2020-09-23 CVE-2020-14365 A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module.
local
low complexity
redhat debian
7.1
7.1
2020-09-11 CVE-2020-14332 A flaw was found in the Ansible Engine when using module_args.
local
low complexity
redhat debian
5.5
5.5
2020-09-11 CVE-2020-14330 Information Exposure Through Log Files vulnerability in multiple products
An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output.
local
low complexity
redhat debian CWE-532
5.5
5.5
2020-05-12 CVE-2020-1746 A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldap_attr and ldap_entry community modules are used.
local
low complexity
redhat debian
5.0
5.0
2020-05-11 CVE-2020-10685 Incomplete Cleanup vulnerability in multiple products
A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules.
local
low complexity
redhat debian CWE-459
5.5
5.5
2020-04-30 CVE-2020-10691 Path Traversal vulnerability in Redhat Ansible Engine and Ansible Tower
An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install.
local
low complexity
redhat CWE-22
5.2
5.2
2020-03-16 CVE-2020-1753 A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module.
local
low complexity
redhat debian fedoraproject
5.5
5.5