Vulnerabilities > Redhat > Ansible Engine > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-03 | CVE-2021-3620 | Information Exposure Through an Error Message vulnerability in Redhat products A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. | 5.5 |
| 2020-09-23 | CVE-2020-14365 | Improper Verification of Cryptographic Signature vulnerability in multiple products A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. | 6.6 |
| 2020-09-11 | CVE-2020-14332 | Improper Output Neutralization for Logs vulnerability in multiple products A flaw was found in the Ansible Engine when using module_args. | 5.5 |
| 2020-09-11 | CVE-2020-14330 | Information Exposure Through Log Files vulnerability in multiple products An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. | 5.5 |
| 2020-05-12 | CVE-2020-1746 | Information Exposure vulnerability in multiple products A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldap_attr and ldap_entry community modules are used. | 5.0 |
| 2020-05-11 | CVE-2020-10685 | Incomplete Cleanup vulnerability in multiple products A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. | 5.5 |
| 2020-04-30 | CVE-2020-10691 | Path Traversal vulnerability in Redhat Ansible Engine and Ansible Tower An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. | 5.2 |
| 2020-03-31 | CVE-2019-14905 | Exposure of Resource to Wrong Sphere vulnerability in multiple products A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. | 5.6 |
| 2020-03-16 | CVE-2020-1753 | Information Exposure Through Process Environment vulnerability in multiple products A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. | 5.5 |
| 2018-07-26 | CVE-2016-8647 | Improper Input Validation vulnerability in Redhat Ansible Engine An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. | 4.9 |