Vulnerabilities > Redhat > Ansible Engine

DATE CVE VULNERABILITY TITLE RISK
2020-03-31 CVE-2019-14905 Exposure of Resource to Wrong Sphere vulnerability in multiple products
A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices.
local
low complexity
redhat fedoraproject opensuse CWE-668
5.6
2020-03-16 CVE-2020-1753 A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module.
local
low complexity
redhat debian fedoraproject
5.5
2020-03-09 CVE-2020-1737 Path Traversal vulnerability in Redhat Ansible Tower
A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder.
local
low complexity
redhat CWE-22
7.8
2020-03-03 CVE-2020-1734 Unspecified vulnerability in Redhat Ansible Engine and Ansible Tower
A flaw was found in the pipe lookup plugin of ansible.
local
high complexity
redhat
7.4
2019-10-14 CVE-2019-14858 Information Exposure Through Log Files vulnerability in Redhat Ansible Engine
A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5.
local
low complexity
redhat CWE-532
5.5
2019-10-08 CVE-2019-14846 In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level.
local
low complexity
redhat debian opensuse
7.8
2019-01-03 CVE-2018-16876 Information Exposure vulnerability in multiple products
ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.
network
high complexity
redhat debian suse canonical CWE-200
5.3
2018-11-29 CVE-2018-16859 Information Exposure Through Log Files vulnerability in Redhat Ansible Engine
Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext.
local
low complexity
redhat CWE-532
4.4
2018-10-23 CVE-2018-16837 Missing Encryption of Sensitive Data vulnerability in multiple products
Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen.
local
low complexity
redhat debian suse CWE-311
7.8
2018-07-26 CVE-2016-8647 Unspecified vulnerability in Redhat Ansible Engine
An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances.
network
low complexity
redhat
4.9