Vulnerabilities > Redhat > Ansible

DATE CVE VULNERABILITY TITLE RISK
2020-02-20 CVE-2014-4657 Improper Input Validation vulnerability in Redhat Ansible
The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions.
network
low complexity
redhat CWE-20
critical
9.8
2020-02-20 CVE-2014-4678 Injection vulnerability in multiple products
The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions.
network
low complexity
redhat debian CWE-74
critical
9.8
2020-02-20 CVE-2014-4660 Insufficiently Protected Credentials vulnerability in Redhat Ansible
Ansible before 1.5.5 constructs filenames containing user and password fields on the basis of deb lines in sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by leveraging existence of a file that uses the "deb http://user:pass@server:port/" format.
local
low complexity
redhat CWE-522
5.5
2020-02-18 CVE-2014-4967 Injection vulnerability in Redhat Ansible
Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a trailing " temp=" clause, or (3) a trailing " validate=" clause accompanied by a shell command.
network
low complexity
redhat CWE-74
critical
9.8
2020-02-18 CVE-2014-4966 Injection vulnerability in Redhat Ansible
Ansible before 1.6.7 does not prevent inventory data with "{{" and "lookup" substrings, and does not prevent remote data with "{{" substrings, which allows remote attackers to execute arbitrary code via (1) crafted lookup('pipe') calls or (2) crafted Jinja2 data.
network
low complexity
redhat CWE-74
critical
9.8
2020-01-09 CVE-2014-2686 Always-Incorrect Control Flow Implementation vulnerability in Redhat Ansible
Ansible prior to 1.5.4 mishandles the evaluation of some strings.
network
low complexity
redhat CWE-670
7.5
2020-01-02 CVE-2019-14864 Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors.
network
low complexity
redhat debian opensuse
6.5
2019-11-26 CVE-2019-14856 Improper Authentication vulnerability in multiple products
ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None
network
low complexity
redhat opensuse CWE-287
6.5
2019-11-25 CVE-2019-10217 Information Exposure vulnerability in Redhat Ansible
A flaw was found in ansible 2.8.0 before 2.8.4.
network
low complexity
redhat CWE-200
6.5
2019-11-22 CVE-2019-10206 Insufficiently Protected Credentials vulnerability in multiple products
ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters.
network
low complexity
redhat debian opensuse CWE-522
6.5