Skip to main content

Ansible Engine

19 CVEs product

Monthly

CVE-2021-3583 PyPI HIGH PATCH This Week

A flaw was found in Ansible, where a user's controller is vulnerable to template injection. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Ansible Automation Platform Ansible Engine Ansible Tower
NVD
CVSS 3.1
7.1
EPSS
0.9%
CVE-2021-20228 PyPI HIGH PATCH This Week

A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ansible Engine Ansible Automation Platform Ansible Tower Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-14365 PyPI HIGH PATCH This Week

A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

RCE Jwt Attack Ansible Engine Ansible Tower Ceph Storage +2
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2020-14332 PyPI MEDIUM PATCH This Month

A flaw was found in the Ansible Engine when using module_args. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Ansible Engine Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-14330 PyPI MEDIUM POC PATCH This Month

An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ansible Engine Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2020-1746 PyPI MEDIUM PATCH This Month

A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ansible Engine Ansible Tower Debian Linux
NVD GitHub
CVSS 3.1
5.0
EPSS
0.4%
CVE-2020-10685 PyPI MEDIUM PATCH This Month

A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Hashicorp Information Disclosure Ansible Engine Ansible Tower Ceph Storage +3
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-10691 PyPI MEDIUM PATCH This Month

An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Ansible Engine Ansible Tower
NVD GitHub
CVSS 3.1
5.2
EPSS
0.4%
CVE-2020-1753 PyPI MEDIUM POC PATCH This Month

A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Information Disclosure Ansible Engine Ansible Tower Debian Linux +1
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-1737 PyPI HIGH PATCH This Week

A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Ansible Engine Ansible Tower
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-1734 PyPI HIGH PATCH This Week

A flaw was found in the pipe lookup plugin of ansible. Rated high severity (CVSS 7.4). No vendor patch available.

Command Injection Ansible Engine Ansible Tower
NVD GitHub
CVSS 3.1
7.4
EPSS
0.4%
CVE-2019-14858 PyPI MEDIUM PATCH This Month

A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ansible Engine Ansible Tower
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-14846 PyPI HIGH PATCH This Week

In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Ansible Engine Debian Linux Backports Sle Leap +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2018-16859 PyPI MEDIUM PATCH This Month

Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Microsoft Information Disclosure Ansible Engine
NVD GitHub
CVSS 3.0
4.4
EPSS
0.5%
CVE-2018-16837 PyPI HIGH PATCH This Week

Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ansible Engine Ansible Tower Debian Linux Package Hub
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-10875 PyPI HIGH PATCH This Week

A flaw was found in ansible. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Ansible Engine Ceph Storage Gluster Storage Openshift +6
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2018-10855 PyPI MEDIUM PATCH This Month

Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Ansible Engine Cloudforms Openstack Virtualization +2
NVD
CVSS 3.1
5.9
EPSS
3.1%
CVE-2018-10874 PyPI HIGH PATCH This Week

In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Ansible Engine Openstack Virtualization Virtualization Host
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-7750 PyPI CRITICAL POC PATCH THREAT Act Now

transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Paramiko Ansible Engine Cloudforms Virtualization +7
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
27.1%
EPSS 1% CVSS 7.1
HIGH PATCH This Week

A flaw was found in Ansible, where a user's controller is vulnerable to template injection. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Ansible Automation Platform Ansible Engine +1
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ansible Engine Ansible Automation Platform +2
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

RCE Jwt Attack Ansible Engine +4
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in the Ansible Engine when using module_args. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Ansible Engine Debian Linux
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ansible Engine Debian Linux
NVD GitHub
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ansible Engine Ansible Tower +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Hashicorp Information Disclosure Ansible Engine +5
NVD GitHub
EPSS 0% CVSS 5.2
MEDIUM PATCH This Month

An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Ansible Engine Ansible Tower
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Information Disclosure Ansible Engine +3
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Ansible Engine Ansible Tower
NVD GitHub
EPSS 0% CVSS 7.4
HIGH PATCH This Week

A flaw was found in the pipe lookup plugin of ansible. Rated high severity (CVSS 7.4). No vendor patch available.

Command Injection Ansible Engine Ansible Tower
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ansible Engine Ansible Tower
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Ansible Engine Debian Linux +3
NVD GitHub
EPSS 1% CVSS 4.4
MEDIUM PATCH This Month

Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Microsoft Information Disclosure Ansible Engine
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ansible Engine Ansible Tower +2
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A flaw was found in ansible. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Ansible Engine Ceph Storage +8
NVD
EPSS 3% CVSS 5.9
MEDIUM PATCH This Month

Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Ansible Engine Cloudforms +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Ansible Engine Openstack +2
NVD
EPSS 27% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Paramiko Ansible Engine +9
NVD GitHub Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy