Vulnerabilities > Redhat > Ansible

DATE CVE VULNERABILITY TITLE RISK
2019-07-30 CVE-2019-10156 A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution.
network
low complexity
redhat debian
5.4
2019-03-27 CVE-2019-3828 Path Traversal vulnerability in Redhat Ansible
Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.
local
low complexity
redhat CWE-22
4.2
2019-01-03 CVE-2018-16876 Information Exposure vulnerability in multiple products
ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.
network
high complexity
redhat debian suse canonical CWE-200
5.3
2018-07-31 CVE-2016-8614 Key Management Errors vulnerability in Redhat Ansible
A flaw was found in Ansible before version 2.2.0.
network
low complexity
redhat CWE-320
7.5
2018-07-31 CVE-2016-8628 Command Injection vulnerability in Redhat Ansible
Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller.
network
low complexity
redhat CWE-77
critical
9.1
2018-06-22 CVE-2017-7466 Improper Input Validation vulnerability in Redhat Ansible
Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems.
network
low complexity
redhat CWE-20
8.0
2018-05-04 CVE-2013-2233 Key Management Errors vulnerability in Redhat Ansible
Ansible before 1.2.1 makes it easier for remote attackers to conduct man-in-the-middle attacks by leveraging failure to cache SSH host keys.
network
high complexity
redhat CWE-320
7.4
2018-04-24 CVE-2016-9587 Improper Input Validation vulnerability in multiple products
Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems.
network
high complexity
redhat ansible CWE-20
8.1
2017-11-21 CVE-2017-7550 Unspecified vulnerability in Redhat Ansible and Enterprise Linux Server
A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module.
network
low complexity
redhat
critical
9.8
2017-06-08 CVE-2014-3498 Improper Input Validation vulnerability in Redhat Ansible
The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary commands.
network
low complexity
redhat CWE-20
8.8