Search CVE reports
11 – 20 of 79 results
CVE-2021-4041
Medium prioritySome fixes available 1 of 2
A flaw was found in ansible-runner. An improper escaping of the shell command, while calling the ansible_runner.interface.run_command, can lead to parameters getting executed as host's shell command. A developer...
1 affected package
ansible-runner
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ansible-runner | — | Fixed | Not in release | Not in release | Ignored |
CVE-2021-3702
High priorityA race condition flaw was found in ansible-runner, where an attacker could watch for rapid creation and deletion of a temporary directory, substitute their directory at that name, and then have access to...
1 affected package
ansible-runner
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ansible-runner | — | Not affected | Not in release | Not in release | Ignored |
CVE-2021-3701
High priorityA flaw was found in ansible-runner where the default temporary files configuration in ansible-2.0.0 are written to world R/W locations. This flaw allows an attacker to pre-create the directory, resulting in reading private...
1 affected package
ansible-runner
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ansible-runner | — | Not affected | Not in release | Not in release | Ignored |
CVE-2022-2568
Medium priorityA privilege escalation flaw was found in the Ansible Automation Platform. This flaw allows a remote authenticated user with 'change user' permissions to modify the account settings of the superuser account and also remove...
3 affected packages
ansible, ansible-base, ansible-core
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ansible | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ansible-base | Not in release | Not in release | Not in release | Not in release | Not in release |
ansible-core | Needs evaluation | Needs evaluation | Not in release | Not in release | Not in release |
CVE-2021-20180
Medium priorityA flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal...
1 affected package
ansible
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ansible | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2021-3620
Medium prioritySome fixes available 2 of 12
A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is...
3 affected packages
ansible, ansible-base, ansible-core
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ansible | Vulnerable | Fixed | Fixed | Not affected | Not affected |
ansible-base | Not in release | Not in release | Not in release | Not in release | Ignored |
ansible-core | Not affected | Not affected | Not in release | Not in release | Ignored |
CVE-2021-3583
Medium prioritySome fixes available 4 of 14
A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts...
3 affected packages
ansible, ansible-base, ansible-core
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ansible | Vulnerable | Fixed | Fixed | Fixed | Fixed |
ansible-base | Not in release | Not in release | Not in release | Not in release | Ignored |
ansible-core | Not affected | Not affected | Not in release | Not in release | Ignored |
CVE-2020-10729
Medium priorityA flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The...
1 affected package
ansible
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ansible | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
CVE-2021-20191
Medium priorityA flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal...
1 affected package
ansible
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ansible | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2021-20178
Medium priorityA flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal...
1 affected package
ansible
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ansible | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |