Vulnerabilities > Redhat > Ansible > 1.6.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-03-12 | CVE-2020-1739 | A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. | 3.9 |
2020-03-11 | CVE-2020-1733 | Race Condition vulnerability in multiple products A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. | 5.0 |
2020-02-20 | CVE-2014-4678 | Injection vulnerability in multiple products The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. | 9.8 |
2020-02-18 | CVE-2014-4967 | Injection vulnerability in Redhat Ansible Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a trailing " temp=" clause, or (3) a trailing " validate=" clause accompanied by a shell command. | 9.8 |
2020-02-18 | CVE-2014-4966 | Injection vulnerability in Redhat Ansible Ansible before 1.6.7 does not prevent inventory data with "{{" and "lookup" substrings, and does not prevent remote data with "{{" substrings, which allows remote attackers to execute arbitrary code via (1) crafted lookup('pipe') calls or (2) crafted Jinja2 data. | 9.8 |
2019-07-30 | CVE-2019-10156 | A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. | 5.4 |
2018-07-31 | CVE-2016-8614 | Key Management Errors vulnerability in Redhat Ansible A flaw was found in Ansible before version 2.2.0. | 7.5 |
2018-07-31 | CVE-2016-8628 | Command Injection vulnerability in Redhat Ansible Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. | 9.1 |
2018-06-22 | CVE-2017-7466 | Improper Input Validation vulnerability in Redhat Ansible Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. | 8.0 |
2018-04-24 | CVE-2016-9587 | Improper Input Validation vulnerability in multiple products Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. | 8.1 |