Vulnerabilities > Redhat > Ansible Engine > High

DATE CVE VULNERABILITY TITLE RISK
2021-09-22 CVE-2021-3583 Code Injection vulnerability in Redhat Ansible Automation Platform and Ansible Tower
A flaw was found in Ansible, where a user's controller is vulnerable to template injection.
local
low complexity
redhat CWE-94
7.1
2021-04-29 CVE-2021-20228 Information Exposure vulnerability in multiple products
A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module.
network
low complexity
redhat debian CWE-200
7.5
2020-09-23 CVE-2020-14365 A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module.
local
low complexity
redhat debian
7.1
2020-03-09 CVE-2020-1737 Path Traversal vulnerability in Redhat Ansible Tower
A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder.
local
low complexity
redhat CWE-22
7.8
2020-03-03 CVE-2020-1734 Unspecified vulnerability in Redhat Ansible Engine and Ansible Tower
A flaw was found in the pipe lookup plugin of ansible.
local
high complexity
redhat
7.4
2019-10-08 CVE-2019-14846 In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level.
local
low complexity
redhat debian opensuse
7.8
2018-10-23 CVE-2018-16837 Missing Encryption of Sensitive Data vulnerability in multiple products
Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen.
local
low complexity
redhat debian suse CWE-311
7.8
2018-07-13 CVE-2018-10875 Untrusted Search Path vulnerability in multiple products
A flaw was found in ansible.
local
low complexity
redhat debian suse canonical CWE-426
7.8
2018-07-02 CVE-2018-10874 Unspecified vulnerability in Redhat products
In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result.
local
low complexity
redhat
7.8