redhat ansible collection vulnerabilities and exploits

(subscribe to this query)

A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulne...

Oracle Virtualization 4.0 Redhat Ansible Tower 3.0 Redhat Google Cloud Platform Ansible Collection 1.0.2 Redhat Cisco Nx-os Collection Redhat Ansible Redhat Community General Collection Redhat Community Network Collection Redhat Docker Community Collection

A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an malicious user to take advantage of this issue as the module is handling the parameter insecurely, leading to the password...

Redhat Ansible Collection Redhat Ansible

A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an malicious user to fetch those keys from the log files, compromising the system's confidentiali...

Redhat Ansible Automation Platform 2.0 Redhat Ansible Collection

A flaw was found in Ansible Galaxy Collections. When collections are built manually, any files in the repository directory that are not explicitly excluded via the ``build_ignore`` list in "galaxy.yml" include files in the ``.tar.gz`` file. This contains sensitive info,...

Redhat Ansible Automation Platform 1.2 Redhat Ansible Galaxy 3.3.0

An archive traversal flaw was found in all ansible-engine versions 2.9.x before 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrit...

Redhat Ansible Engine Redhat Ansible Tower 3.0

The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only.

Pulpproject Pulp Ansible -Redhat Satellite 6.0 Redhat Ansible Automation Platform 2.0 Redhat Update Infrastructure 3.0

A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x prior to 2.7.17 and 2.8.x prior to 2.8.11 and 2.9.x prior to 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldap_attr and ldap_entry community modules a...

Redhat Ansible Tower Redhat Ansible Engine Debian Debian Linux 10.0

A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an malicious user to steal bitbucket_pipeline credentials. The highest th...

A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x prior to 2.7.17 and 2.8.x prior to 2.8.11 and 2.9.x prior to 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as ass...

Redhat Ansible Tower Redhat Ansible Engine Redhat Ceph Storage 3.0 Redhat Openstack 10 Redhat Ceph Storage 2.0 Redhat Storage 3.0 Redhat Openstack 13 Redhat Openstack 15 Debian Debian Linux 10.0

A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x before 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker co...

Redhat Openstack 10 Redhat Ansible Tower Redhat Ansible Redhat Openstack 13 Debian Debian Linux 10.0 Fedoraproject Fedora 30 Fedoraproject Fedora 31 Fedoraproject Fedora 32

1 Github repository

1 2 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook