Vulnerabilities > Redhat > Ansible > 2.9.6

DATE CVE VULNERABILITY TITLE RISK
2024-02-06 CVE-2024-0690 Improper Encoding or Escaping of Output vulnerability in multiple products
An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios.
local
low complexity
redhat fedoraproject CWE-116
5.5
5.5
2023-12-12 CVE-2023-5764 A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data.
local
low complexity
redhat fedoraproject
7.8
7.8
2022-10-28 CVE-2022-3697 Unspecified vulnerability in Redhat Ansible and Ansible Collection
A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module.
network
low complexity
redhat
7.5
7.5
2022-03-16 CVE-2021-20180 Information Exposure Through Log Files vulnerability in Redhat Ansible
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module.
local
low complexity
redhat CWE-532
2.1
2.1
2021-05-26 CVE-2021-20191 Information Exposure Through Log Files vulnerability in multiple products
A flaw was found in ansible.
local
low complexity
oracle redhat CWE-532
5.5
5.5
2021-05-26 CVE-2021-20178 Information Exposure Through Log Files vulnerability in multiple products
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module.
local
low complexity
redhat fedoraproject CWE-532
5.5
5.5
2020-05-15 CVE-2020-10744 Race Condition vulnerability in Redhat Ansible and Ansible Tower
An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive.
local
high complexity
redhat CWE-362
5.0
5.0
2020-03-16 CVE-2020-1740 Insecure Temporary File vulnerability in multiple products
A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files.
local
high complexity
redhat debian fedoraproject CWE-377
4.7
4.7
2020-03-16 CVE-2020-1736 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified.
local
low complexity
redhat fedoraproject CWE-732
3.3
3.3
2020-03-16 CVE-2020-1735 Path Traversal vulnerability in multiple products
A flaw was found in the Ansible Engine when the fetch module is used.
local
low complexity
redhat debian fedoraproject CWE-22
4.6
4.6