Vulnerabilities > Redhat > Ansible Engine > 2.9

DATE CVE VULNERABILITY TITLE RISK
2022-03-03 CVE-2021-3620 Information Exposure Through an Error Message vulnerability in Redhat products
A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message.
local
low complexity
redhat CWE-209
5.5
2021-09-22 CVE-2021-3583 Code Injection vulnerability in Redhat Ansible Automation Platform and Ansible Tower
A flaw was found in Ansible, where a user's controller is vulnerable to template injection.
local
low complexity
redhat CWE-94
7.1
2021-04-29 CVE-2021-20228 Information Exposure vulnerability in multiple products
A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module.
network
low complexity
redhat debian CWE-200
7.5
2020-09-11 CVE-2020-14330 Information Exposure Through Log Files vulnerability in multiple products
An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output.
local
low complexity
redhat debian CWE-532
5.5