Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat ansible engine vulnerabilities and exploits
(subscribe to this query)
4.7
CVSSv3
CVE-2020-1740
A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file...
Redhat Cloudforms Management Engine 5.0
Redhat Ansible Tower
Redhat Openstack 13
Redhat Ansible
Debian Debian Linux 8.0
Debian Debian Linux 10.0
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Fedoraproject Fedora 32
3.9
CVSSv3
CVE-2020-1739
A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by read...
Redhat Ansible Tower
Redhat Ansible
Redhat Cloudforms Management Engine 5.0
Redhat Openstack 13
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Debian Debian Linux 8.0
Debian Debian Linux 10.0
6.5
CVSSv3
CVE-2019-14864
Ansible, versions 2.9.x prior to 2.9.1, 2.8.x prior to 2.8.7 and Ansible versions 2.7.x prior to 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects...
Redhat Cloudforms Management Engine 5.0
Redhat Ceph Storage 3.0
Redhat Ansible Tower 3.0
Redhat Ansible
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Redhat Enterprise Linux 8.0
Debian Debian Linux 10.0
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
5
CVSSv3
CVE-2020-10744
An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18...
Redhat Ansible Tower
Redhat Ansible
5.5
CVSSv3
CVE-2021-3620
A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.
Redhat Virtualization Host 4.0
Redhat Virtualization 4.0
Redhat Enterprise Linux 8.0
Redhat Openstack 16.1
Redhat Enterprise Linux For Power Little Endian 8.0
Redhat Virtualization For Ibm Power Little Endian 4.0
Redhat Openstack 1
Redhat Ansible Automation Platform Early Access 2.0
Redhat Ansible Engine
Redhat Virtualization Manager 4.4
5.5
CVSSv3
CVE-2021-20178
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an malicious user to steal bitbucket_pipeline credentials. The highest th...
Redhat Ansible Tower 3.0
Redhat Ansible
Fedoraproject Fedora 32
Fedoraproject Fedora 33
7.1
CVSSv3
CVE-2020-10684
A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x before 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker co...
Redhat Openstack 10
Redhat Ansible Tower
Redhat Ansible
Redhat Openstack 13
Debian Debian Linux 10.0
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Fedoraproject Fedora 32
1 Github repository
7.1
CVSSv3
CVE-2020-14296
Red Hat CloudForms 4.7 and 5 was vulnerable to Server-Side Request Forgery (SSRF) flaw. With the access to add Ansible Tower provider, an attacker could scan and attack systems from the internal network which are not normally accessible.
Redhat Cloudforms Management Engine 5.0
Redhat Cloudforms Management Engine 4.7
7.3
CVSSv3
CVE-2019-14904
A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of ...
Redhat Ansible
Debian Debian Linux 9.0
Debian Debian Linux 10.0
7.1
CVSSv3
CVE-2019-14822
A flaw exists in ibus in versions prior to 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to intercept all keystrokes of a victim user...
Ibus Project Ibus
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 8.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 16.04
Oracle Zfs Storage Appliance Kit 8.8
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-0044
client side
CVE-2021-47601
deserialization
CVE-2024-34994
encryption
CVE-2021-47609
CVE-2024-37079
CVE-2024-38608
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »