Vulnerabilities > Redhat > Ansible > High

DATE CVE VULNERABILITY TITLE RISK
2023-12-12 CVE-2023-5764 A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data.
local
low complexity
redhat fedoraproject
7.8
2022-10-28 CVE-2022-3697 Unspecified vulnerability in Redhat Ansible and Ansible Collection
A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module.
network
low complexity
redhat
7.5
2020-10-05 CVE-2020-25636 Files or Directories Accessible to External Parties vulnerability in Redhat Ansible 2.10.1
A flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace separation for file transfers.
local
low complexity
redhat CWE-552
7.1
2020-08-26 CVE-2019-14904 A flaw was found in the solaris_zone module from the Ansible Community modules.
local
low complexity
redhat debian
7.3
2020-03-24 CVE-2020-10684 Missing Authorization vulnerability in multiple products
A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean.
local
low complexity
redhat debian fedoraproject CWE-862
7.1
2020-01-09 CVE-2014-2686 Always-Incorrect Control Flow Implementation vulnerability in Redhat Ansible
Ansible prior to 1.5.4 mishandles the evaluation of some strings.
network
low complexity
redhat CWE-670
7.5
2018-07-31 CVE-2016-8614 Key Management Errors vulnerability in Redhat Ansible
A flaw was found in Ansible before version 2.2.0.
network
low complexity
redhat CWE-320
7.5
2018-06-22 CVE-2017-7466 Improper Input Validation vulnerability in Redhat Ansible
Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems.
network
low complexity
redhat CWE-20
8.0
2018-05-04 CVE-2013-2233 Key Management Errors vulnerability in Redhat Ansible
Ansible before 1.2.1 makes it easier for remote attackers to conduct man-in-the-middle attacks by leveraging failure to cache SSH host keys.
network
high complexity
redhat CWE-320
7.4
2018-04-24 CVE-2016-9587 Improper Input Validation vulnerability in multiple products
Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems.
network
high complexity
redhat ansible CWE-20
8.1