2.6.16

DATE	CVE	VULNERABILITY TITLE	RISK
2020-03-16	CVE-2020-1735	A flaw was found in the Ansible Engine when the fetch module is used. local low complexity redhat debian fedoraproject	4.6
2020-03-12	CVE-2020-1739	A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. local low complexity redhat fedoraproject debian	3.9
2020-03-11	CVE-2020-1733	Race Condition vulnerability in multiple products A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. local high complexity redhat fedoraproject debian CWE-362	5.0
2019-11-26	CVE-2019-14856	Improper Authentication vulnerability in multiple products ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None network low complexity redhat opensuse CWE-287	6.5
2019-11-22	CVE-2019-10206	Insufficiently Protected Credentials vulnerability in multiple products ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. network low complexity redhat debian opensuse CWE-522	6.5
2019-07-30	CVE-2019-10156	A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. network low complexity redhat debian	5.4