Vulnerabilities > Redhat > Ansible Engine > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-01-03 CVE-2018-16876 Information Exposure vulnerability in multiple products
ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.
network
high complexity
redhat debian suse canonical CWE-200
5.3
2018-11-29 CVE-2018-16859 Information Exposure Through Log Files vulnerability in Redhat Ansible Engine
Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext.
local
low complexity
redhat CWE-532
4.4
2018-07-26 CVE-2016-8647 Unspecified vulnerability in Redhat Ansible Engine
An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances.
network
low complexity
redhat
4.9
2018-07-03 CVE-2018-10855 Information Exposure Through Log Files vulnerability in multiple products
Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks.
network
high complexity
redhat debian canonical CWE-532
5.9