Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ansible ansible vulnerabilities and exploits
(subscribe to this query)
7.4
CVSSv3
CVE-2013-2233
Ansible prior to 1.2.1 makes it easier for remote malicious users to conduct man-in-the-middle attacks by leveraging failure to cache SSH host keys.
Redhat Ansible
7.8
CVSSv3
CVE-2015-6240
The chroot, jail, and zone connection plugins in ansible prior to 1.9.2 allow local users to escape a restricted environment via a symlink attack.
Redhat Ansible
5.5
CVSSv3
CVE-2021-20180
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an malicious user to steal bitbucket_pipeline credentials. The highest th...
Redhat Ansible
5.6
CVSSv3
CVE-2018-1000149
A man in the middle vulnerability exists in Jenkins Ansible Plugin 0.8 and older in AbstractAnsibleInvocation.java, AnsibleAdHocCommandBuilder.java, AnsibleAdHocCommandInvocationTest.java, AnsibleContext.java, AnsibleJobDslExtension.java, AnsiblePlaybookBuilder.java, AnsiblePlayb...
Jenkins Ansible
9.8
CVSSv3
CVE-2014-4657
The safe_eval function in Ansible prior to 1.5.4 does not properly restrict the code subset, which allows remote malicious users to execute arbitrary code via crafted instructions.
Redhat Ansible
5.5
CVSSv3
CVE-2014-4658
The vault subsystem in Ansible prior to 1.5.5 does not set the umask before creation or modification of a vault file, which allows local users to obtain sensitive key information by reading a file.
Redhat Ansible
9.8
CVSSv3
CVE-2014-4967
Multiple argument injection vulnerabilities in Ansible prior to 1.6.7 allow remote malicious users to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a...
Redhat Ansible
1 Github repository
NA
CVE-2013-4259
runner/connection_plugins/ssh.py in Ansible prior to 1.2.3, when using ControlPersist, allows local users to redirect a ssh session via a symlink attack on a socket file with a predictable name in /tmp/.
Redhat Ansible
5.5
CVSSv3
CVE-2014-4659
Ansible prior to 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "deb http://user:pass@server:port/" format.
Redhat Ansible
6.5
CVSSv3
CVE-2019-10217
A flaw was found in ansible 2.8.0 prior to 2.8.4. Fields managing sensitive data should be set as such by no_log feature. Some of these fields in GCP modules are not set properly. service_account_contents() which is common class for all gcp modules is not setting no_log to True. ...
Redhat Ansible
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »