Vulnerabilities > Redhat > Ansible Engine
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-31 | CVE-2019-14905 | Exposure of Resource to Wrong Sphere vulnerability in multiple products A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. | 5.6 |
| 2020-03-16 | CVE-2020-1753 | Information Exposure Through Process Environment vulnerability in multiple products A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. | 5.5 |
| 2020-03-09 | CVE-2020-1737 | Path Traversal vulnerability in Redhat Ansible Tower A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. | 7.8 |
| 2020-03-03 | CVE-2020-1734 | OS Command Injection vulnerability in Redhat Ansible Engine and Ansible Tower A flaw was found in the pipe lookup plugin of ansible. | 7.4 |
| 2019-10-14 | CVE-2019-14858 | Information Exposure Through Log Files vulnerability in Redhat Ansible Engine A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. | 2.1 |
| 2019-10-08 | CVE-2019-14846 | Improper Output Neutralization for Logs vulnerability in multiple products In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. | 2.1 |
| 2019-01-03 | CVE-2018-16876 | Information Exposure vulnerability in multiple products ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data. | 3.5 |
| 2018-11-29 | CVE-2018-16859 | Information Exposure Through Log Files vulnerability in Redhat Ansible Engine Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. | 2.1 |
| 2018-10-23 | CVE-2018-16837 | Missing Encryption of Sensitive Data vulnerability in multiple products Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. | 2.1 |
| 2018-07-26 | CVE-2016-8647 | Improper Input Validation vulnerability in Redhat Ansible Engine An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. | 4.9 |