Vulnerabilities > Redhat > Ansible > 1.3.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-12 | CVE-2020-1739 | Information Exposure vulnerability in multiple products A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. | 3.9 |
| 2020-03-11 | CVE-2020-1733 | Race Condition vulnerability in multiple products A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. | 5.0 |
| 2020-02-20 | CVE-2014-4659 | Insufficiently Protected Credentials vulnerability in Redhat Ansible Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "deb http://user:pass@server:port/" format. | 2.1 |
| 2020-02-20 | CVE-2014-4658 | Information Exposure vulnerability in Redhat Ansible The vault subsystem in Ansible before 1.5.5 does not set the umask before creation or modification of a vault file, which allows local users to obtain sensitive key information by reading a file. | 2.1 |
| 2020-02-20 | CVE-2014-4657 | Improper Input Validation vulnerability in Redhat Ansible The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. | 7.5 |
| 2020-02-20 | CVE-2014-4678 | Injection vulnerability in multiple products The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. | 7.5 |
| 2020-02-20 | CVE-2014-4660 | Insufficiently Protected Credentials vulnerability in Redhat Ansible Ansible before 1.5.5 constructs filenames containing user and password fields on the basis of deb lines in sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by leveraging existence of a file that uses the "deb http://user:pass@server:port/" format. | 2.1 |
| 2020-02-18 | CVE-2014-4967 | Injection vulnerability in Redhat Ansible Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a trailing " temp=" clause, or (3) a trailing " validate=" clause accompanied by a shell command. | 7.5 |
| 2020-02-18 | CVE-2014-4966 | Injection vulnerability in Redhat Ansible Ansible before 1.6.7 does not prevent inventory data with "{{" and "lookup" substrings, and does not prevent remote data with "{{" substrings, which allows remote attackers to execute arbitrary code via (1) crafted lookup('pipe') calls or (2) crafted Jinja2 data. | 7.5 |
| 2020-01-09 | CVE-2014-2686 | Always-Incorrect Control Flow Implementation vulnerability in Redhat Ansible Ansible prior to 1.5.4 mishandles the evaluation of some strings. | 7.5 |