2.7.14

DATE	CVE	VULNERABILITY TITLE	RISK
2020-03-16	CVE-2020-1738	Argument Injection or Modification vulnerability in Redhat products A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. local high complexity redhat CWE-88	3.9
2020-03-16	CVE-2020-1736	Incorrect Permission Assignment for Critical Resource vulnerability in multiple products A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. local low complexity redhat fedoraproject CWE-732	3.3
2020-03-16	CVE-2020-1735	A flaw was found in the Ansible Engine when the fetch module is used. local low complexity redhat debian fedoraproject	4.6
2020-03-12	CVE-2020-1739	A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. local low complexity redhat fedoraproject debian	3.9
2020-03-11	CVE-2020-1733	Race Condition vulnerability in multiple products A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. local high complexity redhat fedoraproject debian CWE-362	5.0
2020-01-02	CVE-2019-14864	Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. network low complexity redhat debian opensuse	6.5