Search CVE reports
1 – 10 of 11 results
CVE-2024-8775
Medium priority
A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted...
2 affected packages
ansible, ansible-core
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ansible | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ansible-core | Needs evaluation | Needs evaluation | Not in release | — | — |
CVE-2024-0690
Medium priority
An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending...
2 affected packages
ansible, ansible-core
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ansible | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ansible-core | Needs evaluation | Needs evaluation | Not in release | Not in release | Not in release |
CVE-2023-5115
Medium priority
An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of...
2 affected packages
ansible, ansible-core
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ansible | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ansible-core | Needs evaluation | Needs evaluation | Not in release | Not in release | Not in release |
CVE-2023-5764
Medium priority
Some fixes available 4 of 8
A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to...
2 affected packages
ansible, ansible-core
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ansible | Not affected | Fixed | Fixed | Fixed | Fixed |
ansible-core | Needs evaluation | Needs evaluation | Not in release | Not in release | Not in release |
CVE-2023-5189
Medium priority
A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the...
2 affected packages
ansible, ansible-core
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ansible | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ansible-core | Needs evaluation | Needs evaluation | Not in release | Not in release | Not in release |
CVE-2023-4380
Medium priority
A logic flaw exists in Ansible Automation platform. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting...
2 affected packages
ansible, ansible-core
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ansible | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ansible-core | Needs evaluation | Needs evaluation | Not in release | Not in release | Not in release |
CVE-2023-4237
Medium priority
A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files,...
2 affected packages
ansible, ansible-core
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ansible | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ansible-core | Needs evaluation | Needs evaluation | Not in release | Not in release | Not in release |
CVE-2022-3697
Medium priority
Some fixes available 3 of 10
A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the...
2 affected packages
ansible, ansible-core
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ansible | Not affected | Fixed | Fixed | Fixed | Not affected |
ansible-core | Needs evaluation | Needs evaluation | Not in release | Not in release | Not in release |
CVE-2022-2568
Medium priority
A privilege escalation flaw was found in the Ansible Automation Platform. This flaw allows a remote authenticated user with 'change user' permissions to modify the account settings of the superuser account and also remove...
3 affected packages
ansible, ansible-base, ansible-core
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ansible | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ansible-base | Not in release | Not in release | Not in release | Not in release | Not in release |
ansible-core | Needs evaluation | Needs evaluation | Not in release | Not in release | Not in release |
CVE-2021-3620
Medium priority
Some fixes available 2 of 11
A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is...
3 affected packages
ansible, ansible-base, ansible-core
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ansible | Vulnerable | Fixed | Fixed | Not affected | Not affected |
ansible-base | Not in release | Not in release | Not in release | Not in release | Ignored |
ansible-core | Not affected | Not affected | Not in release | Not in release | Ignored |