Skip to main content

Ansible

34 CVEs product

Monthly

CVE-2025-2877 MEDIUM PATCH This Month

Ansible Automation Platform's Event-Driven Ansible exposes inventory passwords in plain text when debug verbosity is enabled during rulebook activation, affecting both standard debug actions and Event Streams configurations. Authenticated users with access to debug-enabled ruleebooks can retrieve plaintext credentials through logs or console output. With CVSS 6.5 and EPSS 0.26% (percentile 49%), this represents moderate severity; no active exploitation has been confirmed, but the low complexity and authenticated-only requirement (PR:L) make this a practical concern for organizations using debug-level logging in production environments.

Ansible Information Disclosure
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-0690 PyPI MEDIUM PATCH This Month

An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Ansible Enterprise Linux Ansible Automation Platform Ansible Developer +2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-5764 PyPI HIGH PATCH This Week

A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Code Injection Ssti Ansible Extra Packages For Enterprise Linux Fedora +3
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-32983 Maven MEDIUM PATCH This Month

Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier does not mask extra variables displayed on the configuration form, increasing the potential for attackers to observe and capture them. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Ansible
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-32982 Maven MEDIUM PATCH This Month

Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier stores extra variables unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Ansible
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-3697 PyPI HIGH PATCH This Week

A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ansible Ansible Collection
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-33924 CRITICAL Act Now

Confluent Ansible (cp-ansible) version 5.5.0, 5.5.1, 5.5.2 and 6.0.0 is vulnerable to Incorrect Access Control via its auxiliary component that allows remote attackers to access sensitive information. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ansible
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-20191 PyPI MEDIUM PATCH This Month

A flaw was found in ansible. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Virtualization Ansible Ansible Tower Cisco Nx Os Collection +4
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-20178 PyPI MEDIUM PATCH This Month

A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ansible Ansible Tower Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-3447 PyPI MEDIUM PATCH This Month

A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Information Disclosure Ansible Ansible Tower Fedora
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-2310 Maven MEDIUM PATCH This Month

Missing permission checks in Jenkins Ansible Plugin 1.0 and earlier allow attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Ansible
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2020-25635 PyPI MEDIUM PATCH This Month

A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ansible
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-25636 HIGH This Week

A flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace separation for file transfers. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ansible
NVD GitHub
CVSS 3.1
7.1
EPSS
0.3%
CVE-2020-10744 PyPI MEDIUM PATCH This Month

An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. Rated medium severity (CVSS 5.0). No vendor patch available.

Information Disclosure Ansible Ansible Tower
NVD
CVSS 3.1
5.0
EPSS
0.3%
CVE-2020-10684 PyPI HIGH PATCH This Week

A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation Code Injection Ansible Ansible Tower +3
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2020-1740 PyPI MEDIUM PATCH This Month

A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. Rated medium severity (CVSS 4.7). No vendor patch available.

Hashicorp Information Disclosure Ansible Ansible Tower Cloudforms Management Engine +3
NVD GitHub
CVSS 3.1
4.7
EPSS
0.4%
CVE-2020-1738 PyPI LOW PATCH Monitor

A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. Rated low severity (CVSS 3.9). No vendor patch available.

Information Disclosure Ansible Ansible Tower Cloudforms Management Engine Openstack
NVD GitHub
CVSS 3.1
3.9
EPSS
0.4%
CVE-2020-1736 PyPI LOW POC PATCH Monitor

A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ansible Ansible Tower Cloudforms Management Engine Openstack +1
NVD GitHub
CVSS 3.1
3.3
EPSS
0.4%
CVE-2020-1735 PyPI MEDIUM POC PATCH This Month

A flaw was found in the Ansible Engine when the fetch module is used. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ansible Ansible Tower Cloudforms Management Engine Openstack +2
NVD GitHub
CVSS 3.1
4.6
EPSS
0.5%
CVE-2020-1739 PyPI LOW PATCH Monitor

A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ansible Ansible Tower Cloudforms Management Engine Openstack +2
NVD GitHub
CVSS 3.1
3.9
EPSS
0.4%
CVE-2020-1733 PyPI MEDIUM POC PATCH This Month

A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. Rated medium severity (CVSS 5.0). Public exploit code available and no vendor patch available.

Information Disclosure Ansible Ansible Tower Cloudforms Management Engine Openstack +2
NVD GitHub
CVSS 3.1
5.0
EPSS
0.4%
CVE-2019-14856 PyPI MEDIUM PATCH This Month

ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ansible Backports Sle Leap Openstack
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2019-10217 PyPI MEDIUM POC PATCH This Month

A flaw was found in ansible 2.8.0 before 2.8.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ansible
NVD GitHub
CVSS 3.1
6.5
EPSS
1.9%
CVE-2019-10206 PyPI MEDIUM PATCH This Month

ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ansible Debian Linux Backports Sle Leap
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2019-10156 PyPI MEDIUM PATCH This Month

A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ansible Openstack Debian Linux
NVD GitHub
CVSS 3.1
5.4
EPSS
1.8%
CVE-2019-3828 PyPI MEDIUM PATCH This Month

Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity.

Path Traversal Ansible
NVD GitHub
CVSS 3.1
4.2
EPSS
0.5%
CVE-2018-1000149 Maven MEDIUM PATCH This Month

A man in the middle vulnerability exists in Jenkins Ansible Plugin 0.8 and older in AbstractAnsibleInvocation.java, AnsibleAdHocCommandBuilder.java, AnsibleAdHocCommandInvocationTest.java,. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Jenkins Information Disclosure Ansible
NVD
CVSS 3.0
5.6
EPSS
0.7%
CVE-2017-7550 PyPI CRITICAL PATCH Act Now

A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ansible Enterprise Linux Server
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2014-3498 PyPI HIGH PATCH This Week

The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Ansible
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2015-6240 PyPI HIGH PATCH This Week

The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Ansible
NVD GitHub
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-3096 PyPI HIGH PATCH This Week

The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Fedora Ansible
NVD GitHub
CVSS 3.0
7.8
EPSS
0.0%
CVE-2015-3908 PyPI MEDIUM PATCH This Month

Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Ansible
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-4260 PyPI LOW PATCH Monitor

lib/ansible/playbook/__init__.py in Ansible 1.2.x before 1.2.3, when playbook does not run due to an error, allows local users to overwrite arbitrary files via a symlink attack on a retry file with a. Rated low severity (CVSS 3.3).

Privilege Escalation Ansible
NVD
CVSS 2.0
3.3
EPSS
0.1%
CVE-2013-4259 PyPI LOW PATCH Monitor

runner/connection_plugins/ssh.py in Ansible before 1.2.3, when using ControlPersist, allows local users to redirect a ssh session via a symlink attack on a socket file with a predictable name in. Rated low severity (CVSS 1.9).

Privilege Escalation Ansible
NVD
CVSS 2.0
1.9
EPSS
0.1%
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Ansible Automation Platform's Event-Driven Ansible exposes inventory passwords in plain text when debug verbosity is enabled during rulebook activation, affecting both standard debug actions and Event Streams configurations. Authenticated users with access to debug-enabled ruleebooks can retrieve plaintext credentials through logs or console output. With CVSS 6.5 and EPSS 0.26% (percentile 49%), this represents moderate severity; no active exploitation has been confirmed, but the low complexity and authenticated-only requirement (PR:L) make this a practical concern for organizations using debug-level logging in production environments.

Ansible Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Ansible Enterprise Linux +4
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Code Injection Ssti Ansible +5
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier does not mask extra variables displayed on the configuration form, increasing the potential for attackers to observe and capture them. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Ansible
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier stores extra variables unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Ansible
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ansible Ansible Collection
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

Confluent Ansible (cp-ansible) version 5.5.0, 5.5.1, 5.5.2 and 6.0.0 is vulnerable to Incorrect Access Control via its auxiliary component that allows remote attackers to access sensitive information. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ansible
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in ansible. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Virtualization Ansible +6
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ansible Ansible Tower +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Information Disclosure Ansible +2
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Missing permission checks in Jenkins Ansible Plugin 1.0 and earlier allow attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Ansible
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ansible
NVD GitHub
EPSS 0% CVSS 7.1
HIGH This Week

A flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace separation for file transfers. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ansible
NVD GitHub
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. Rated medium severity (CVSS 5.0). No vendor patch available.

Information Disclosure Ansible Ansible Tower
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation Code Injection +5
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. Rated medium severity (CVSS 4.7). No vendor patch available.

Hashicorp Information Disclosure Ansible +5
NVD GitHub
EPSS 0% CVSS 3.9
LOW PATCH Monitor

A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. Rated low severity (CVSS 3.9). No vendor patch available.

Information Disclosure Ansible Ansible Tower +2
NVD GitHub
EPSS 0% CVSS 3.3
LOW POC PATCH Monitor

A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ansible Ansible Tower +3
NVD GitHub
EPSS 0% CVSS 4.6
MEDIUM POC PATCH This Month

A flaw was found in the Ansible Engine when the fetch module is used. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ansible Ansible Tower +4
NVD GitHub
EPSS 0% CVSS 3.9
LOW PATCH Monitor

A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ansible Ansible Tower +4
NVD GitHub
EPSS 0% CVSS 5.0
MEDIUM POC PATCH This Month

A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. Rated medium severity (CVSS 5.0). Public exploit code available and no vendor patch available.

Information Disclosure Ansible Ansible Tower +4
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ansible Backports Sle +2
NVD
EPSS 2% CVSS 6.5
MEDIUM POC PATCH This Month

A flaw was found in ansible 2.8.0 before 2.8.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ansible
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ansible Debian Linux +2
NVD
EPSS 2% CVSS 5.4
MEDIUM PATCH This Month

A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ansible Openstack +1
NVD GitHub
EPSS 1% CVSS 4.2
MEDIUM PATCH This Month

Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity.

Path Traversal Ansible
NVD GitHub
EPSS 1% CVSS 5.6
MEDIUM PATCH This Month

A man in the middle vulnerability exists in Jenkins Ansible Plugin 0.8 and older in AbstractAnsibleInvocation.java, AnsibleAdHocCommandBuilder.java, AnsibleAdHocCommandInvocationTest.java,. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Jenkins Information Disclosure +1
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ansible Enterprise Linux Server
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Ansible
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Ansible
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Fedora Ansible
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Ansible
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

lib/ansible/playbook/__init__.py in Ansible 1.2.x before 1.2.3, when playbook does not run due to an error, allows local users to overwrite arbitrary files via a symlink attack on a retry file with a. Rated low severity (CVSS 3.3).

Privilege Escalation Ansible
NVD
EPSS 0% CVSS 1.9
LOW PATCH Monitor

runner/connection_plugins/ssh.py in Ansible before 1.2.3, when using ControlPersist, allows local users to redirect a ssh session via a symlink attack on a socket file with a predictable name in. Rated low severity (CVSS 1.9).

Privilege Escalation Ansible
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy