Vulnerabilities > Redhat > Ansible > 2.7.2

DATE CVE VULNERABILITY TITLE RISK
2020-03-16 CVE-2020-1738 Argument Injection or Modification vulnerability in Redhat products
A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified.
local
high complexity
redhat CWE-88
3.9
2020-03-16 CVE-2020-1736 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified.
local
low complexity
redhat fedoraproject CWE-732
3.3
2020-03-16 CVE-2020-1735 A flaw was found in the Ansible Engine when the fetch module is used.
local
low complexity
redhat debian fedoraproject
4.6
2020-03-12 CVE-2020-1739 A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node.
local
low complexity
redhat fedoraproject debian
3.9
2020-03-11 CVE-2020-1733 Race Condition vulnerability in multiple products
A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user.
local
high complexity
redhat fedoraproject debian CWE-362
5.0
2020-01-02 CVE-2019-14864 Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors.
network
low complexity
redhat debian opensuse
6.5
2019-11-26 CVE-2019-14856 Improper Authentication vulnerability in multiple products
ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None
network
low complexity
redhat opensuse CWE-287
6.5
2019-11-22 CVE-2019-10206 Insufficiently Protected Credentials vulnerability in multiple products
ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters.
network
low complexity
redhat debian opensuse CWE-522
6.5
2019-07-30 CVE-2019-10156 A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution.
network
low complexity
redhat debian
5.4
2019-03-27 CVE-2019-3828 Path Traversal vulnerability in Redhat Ansible
Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.
local
low complexity
redhat CWE-22
4.2