Search CVE reports
1 – 10 of 78 results
CVE-2024-9902
Medium priorityA flaw was found in Ansible. The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the...
2 affected packages
ansible, ansible-core
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ansible | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ansible-core | Needs evaluation | Needs evaluation | Not in release | — | — |
CVE-2024-8775
Medium priorityA flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted...
2 affected packages
ansible, ansible-core
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ansible | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ansible-core | Needs evaluation | Needs evaluation | Not in release | — | — |
CVE-2024-0690
Medium priorityAn information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending...
2 affected packages
ansible, ansible-core
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ansible | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ansible-core | Needs evaluation | Needs evaluation | Not in release | Not in release | Not in release |
CVE-2023-5115
Medium priorityAn absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of...
2 affected packages
ansible, ansible-core
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ansible | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ansible-core | Needs evaluation | Needs evaluation | Not in release | Not in release | Not in release |
CVE-2023-5764
Medium prioritySome fixes available 4 of 9
A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to...
2 affected packages
ansible, ansible-core
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ansible | Not affected | Fixed | Fixed | Fixed | Fixed |
ansible-core | Needs evaluation | Needs evaluation | Not in release | Not in release | Not in release |
CVE-2023-5189
Medium priorityA path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the...
2 affected packages
ansible, ansible-core
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ansible | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ansible-core | Needs evaluation | Needs evaluation | Not in release | Not in release | Not in release |
CVE-2023-4380
Medium priorityA logic flaw exists in Ansible Automation platform. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting...
2 affected packages
ansible, ansible-core
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ansible | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ansible-core | Needs evaluation | Needs evaluation | Not in release | Not in release | Not in release |
CVE-2023-4237
Medium priorityA flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files,...
2 affected packages
ansible, ansible-core
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ansible | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ansible-core | Needs evaluation | Needs evaluation | Not in release | Not in release | Not in release |
CVE-2022-3697
Medium prioritySome fixes available 3 of 11
A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the...
2 affected packages
ansible, ansible-core
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ansible | Not affected | Fixed | Fixed | Fixed | Not affected |
ansible-core | Needs evaluation | Needs evaluation | Not in release | Not in release | Not in release |
CVE-2021-4041
Medium prioritySome fixes available 1 of 2
A flaw was found in ansible-runner. An improper escaping of the shell command, while calling the ansible_runner.interface.run_command, can lead to parameters getting executed as host's shell command. A developer...
1 affected packages
ansible-runner
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ansible-runner | — | Fixed | Not in release | Not in release | Ignored |