Vulnerabilities > Redhat > Ansible
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-06 | CVE-2024-0690 | Improper Encoding or Escaping of Output vulnerability in multiple products An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. | 5.5 |
| 2023-12-12 | CVE-2023-5764 | A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. | 7.8 |
| 2022-10-28 | CVE-2022-3697 | Unspecified vulnerability in Redhat Ansible and Ansible Collection A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. | 7.5 |
| 2022-03-16 | CVE-2021-20180 | Information Exposure Through Log Files vulnerability in Redhat Ansible A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. | 2.1 |
| 2021-05-26 | CVE-2021-20191 | Information Exposure Through Log Files vulnerability in multiple products A flaw was found in ansible. | 5.5 |
| 2021-05-26 | CVE-2021-20178 | Information Exposure Through Log Files vulnerability in multiple products A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. | 5.5 |
| 2021-04-01 | CVE-2021-3447 | Information Exposure Through Log Files vulnerability in multiple products A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. | 5.5 |
| 2020-10-05 | CVE-2020-25635 | Improper Cross-boundary Removal of Sensitive Data vulnerability in Redhat Ansible 2.10.1 A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. | 5.5 |
| 2020-10-05 | CVE-2020-25636 | Files or Directories Accessible to External Parties vulnerability in Redhat Ansible 2.10.1 A flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace separation for file transfers. | 7.1 |
| 2020-08-26 | CVE-2019-14904 | Improper Input Validation vulnerability in multiple products A flaw was found in the solaris_zone module from the Ansible Community modules. | 7.3 |