Vulnerabilities > Redhat > Ansible Engine

DATE CVE VULNERABILITY TITLE RISK
2018-07-19 CVE-2017-7481 Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe.
network
low complexity
redhat canonical debian
critical
9.8
2018-07-13 CVE-2018-10875 Untrusted Search Path vulnerability in multiple products
A flaw was found in ansible.
local
low complexity
redhat debian suse canonical CWE-426
7.8
2018-07-03 CVE-2018-10855 Information Exposure Through Log Files vulnerability in multiple products
Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks.
network
high complexity
redhat debian canonical CWE-532
5.9
2018-07-02 CVE-2018-10874 Unspecified vulnerability in Redhat products
In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result.
local
low complexity
redhat
7.8
2018-03-13 CVE-2018-7750 Improper Authentication vulnerability in multiple products
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open.
network
low complexity
paramiko redhat debian CWE-287
critical
9.8