Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat ansible 2.0 vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv2
CVE-2016-3096
The create_script function in the lxc_container module in Ansible prior to 1.9.6-1 and 2.x prior to 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path direct...
Fedoraproject Fedora 22
Fedoraproject Fedora 24
Fedoraproject Fedora 23
Redhat Ansible
Redhat Ansible 2.0
Redhat Ansible 2.0.1
6.6
CVSSv2
CVE-2020-14365
A flaw was found in the Ansible Engine, in ansible-engine 2.8.x prior to 2.8.15 and ansible-engine 2.9.x prior to 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the defaul...
Redhat Ansible Engine
Redhat Ansible Tower 3.0
Redhat Ansible Tower
Redhat Ceph Storage 2.0
Redhat Ceph Storage 3.0
Redhat Openstack Platform 10.0
Redhat Openstack Platform 13.0
Debian Debian Linux 10.0
5
CVSSv2
CVE-2021-20228
A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an malicious user to obtain sensitive information. The highest threat...
Redhat Ansible Engine 2.9.18
Redhat Ansible Engine 2.0
Redhat Ansible Tower 3.0
Redhat Ansible Engine 2.9
Redhat Ansible Automation Platform 1.2
Debian Debian Linux 10.0
4.3
CVSSv2
CVE-2020-25626
A flaw was found in Django REST Framework versions prior to 3.12.0 and prior to 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject m...
Encode Django Rest Framework
Redhat Ceph Storage 2.0
Debian Debian Linux 11.0
2.1
CVSSv2
CVE-2021-3620
A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.
Redhat Virtualization Host 4.0
Redhat Virtualization 4.0
Redhat Enterprise Linux 8.0
Redhat Openstack 16.1
Redhat Enterprise Linux For Power Little Endian 8.0
Redhat Virtualization For Ibm Power Little Endian 4.0
Redhat Openstack 1
Redhat Ansible Automation Platform Early Access 2.0
Redhat Ansible Engine
Redhat Virtualization Manager 4.4
2.1
CVSSv2
CVE-2019-14846
In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not af...
Redhat Ansible Engine
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Opensuse Backports Sle 15.0
Opensuse Leap 15.1
Redhat Openstack 13
Redhat Ansible Engine 2.0
Redhat Ansible Engine 2.8.0
1.9
CVSSv2
CVE-2020-10685
A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x prior to 2.7.17 and 2.8.x prior to 2.8.11 and 2.9.x prior to 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as ass...
Redhat Ansible Tower
Redhat Ansible Engine
Redhat Ceph Storage 3.0
Redhat Openstack 10
Redhat Ceph Storage 2.0
Redhat Storage 3.0
Redhat Openstack 13
Redhat Openstack 15
Debian Debian Linux 10.0
NA
CVE-2024-3094
Malicious code exists in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific fun...
Tukaani Xz 5.6.1
Tukaani Xz 5.6.0
75 Github repositories
6 Articles
NA
CVE-2023-50782
A flaw was found in the python-cryptography package. This issue may allow a remote malicious user to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
Redhat Ansible Automation Platform 2.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
Redhat Update Infrastructure 4
Python-cryptography Project Python-cryptography
NA
CVE-2023-5189
A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten.
Redhat Satellite 6.0
Redhat Ansible Automation Platform 2.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »