Vulnerabilities > Redhat > Ansible > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-16 | CVE-2021-20180 | Information Exposure Through Log Files vulnerability in Redhat Ansible A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. | 2.1 |
| 2020-03-16 | CVE-2020-1736 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. | 3.3 |
| 2020-03-16 | CVE-2020-1738 | Argument Injection or Modification vulnerability in Redhat products A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. | 3.9 |
| 2020-03-12 | CVE-2020-1739 | Information Exposure vulnerability in multiple products A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. | 3.9 |
| 2020-02-20 | CVE-2014-4658 | Information Exposure vulnerability in Redhat Ansible The vault subsystem in Ansible before 1.5.5 does not set the umask before creation or modification of a vault file, which allows local users to obtain sensitive key information by reading a file. | 2.1 |
| 2020-02-20 | CVE-2014-4659 | Insufficiently Protected Credentials vulnerability in Redhat Ansible Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "deb http://user:pass@server:port/" format. | 2.1 |
| 2020-02-20 | CVE-2014-4660 | Insufficiently Protected Credentials vulnerability in Redhat Ansible Ansible before 1.5.5 constructs filenames containing user and password fields on the basis of deb lines in sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by leveraging existence of a file that uses the "deb http://user:pass@server:port/" format. | 2.1 |
| 2019-01-03 | CVE-2018-16876 | Information Exposure vulnerability in multiple products ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data. | 3.5 |