Vulnerabilities > Redhat > Ansible > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-02-20 CVE-2014-4659 Insufficiently Protected Credentials vulnerability in Redhat Ansible
Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "deb http://user:pass@server:port/" format.
local
low complexity
redhat CWE-522
5.5
2020-02-20 CVE-2014-4658 Information Exposure vulnerability in Redhat Ansible
The vault subsystem in Ansible before 1.5.5 does not set the umask before creation or modification of a vault file, which allows local users to obtain sensitive key information by reading a file.
local
low complexity
redhat CWE-200
5.5
2020-02-20 CVE-2014-4660 Insufficiently Protected Credentials vulnerability in Redhat Ansible
Ansible before 1.5.5 constructs filenames containing user and password fields on the basis of deb lines in sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by leveraging existence of a file that uses the "deb http://user:pass@server:port/" format.
local
low complexity
redhat CWE-522
5.5
2020-01-02 CVE-2019-14864 Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and 2.7.x before 2.7.15, does not respect the no_log flag when it is set to True and the Sumologic and Splunk callback plugins are used to send task result events to collectors.
network
low complexity
redhat debian opensuse
6.5
2019-11-26 CVE-2019-14856 Improper Authentication vulnerability in multiple products
ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None
network
low complexity
redhat opensuse CWE-287
6.5
2019-11-25 CVE-2019-10217 Information Exposure vulnerability in Redhat Ansible
A flaw was found in ansible 2.8.0 before 2.8.4.
network
low complexity
redhat CWE-200
6.5
2019-11-22 CVE-2019-10206 Insufficiently Protected Credentials vulnerability in multiple products
ansible-playbook -k and the ansible CLI tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt for passwords by expanding them from templates, as they could contain special characters.
network
low complexity
redhat debian opensuse CWE-522
6.5
2019-07-30 CVE-2019-10156 A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution.
network
low complexity
redhat debian
5.4
2019-03-27 CVE-2019-3828 Path Traversal vulnerability in Redhat Ansible
Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.
local
low complexity
redhat CWE-22
4.2
2019-01-03 CVE-2018-16876 Information Exposure vulnerability in multiple products
Ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to an information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensitive data.
network
high complexity
redhat debian suse canonical CWE-200
5.3