Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat ansible vulnerabilities and exploits
(subscribe to this query)
2.1
CVSSv2
CVE-2021-20180
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an malicious user to steal bitbucket_pipeline credentials. The highest th...
Redhat Ansible
7.5
CVSSv2
CVE-2014-4966
Ansible prior to 1.6.7 does not prevent inventory data with "{{" and "lookup" substrings, and does not prevent remote data with "{{" substrings, which allows remote malicious users to execute arbitrary code via (1) crafted lookup('pipe') ca...
Redhat Ansible
1 Github repository
7.5
CVSSv2
CVE-2014-4967
Multiple argument injection vulnerabilities in Ansible prior to 1.6.7 allow remote malicious users to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a...
Redhat Ansible
1 Github repository
5
CVSSv2
CVE-2014-2686
Ansible before 1.5.4 mishandles the evaluation of some strings.
Redhat Ansible
4.3
CVSSv2
CVE-2015-3908
Ansible prior to 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary valid certificate.
Redhat Ansible
1 Github repository
4
CVSSv2
CVE-2019-10217
A flaw was found in ansible 2.8.0 prior to 2.8.4. Fields managing sensitive data should be set as such by no_log feature. Some of these fields in GCP modules are not set properly. service_account_contents() which is common class for all gcp modules is not setting no_log to True. ...
Redhat Ansible
3.3
CVSSv2
CVE-2019-3828
Ansible fetch module prior to 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.
Redhat Ansible
7.2
CVSSv2
CVE-2015-6240
The chroot, jail, and zone connection plugins in ansible prior to 1.9.2 allow local users to escape a restricted environment via a symlink attack.
Redhat Ansible
6.5
CVSSv2
CVE-2014-3498
The user module in ansible prior to 1.6.6 allows remote authenticated users to execute arbitrary commands.
Redhat Ansible
1 Github repository
2.1
CVSSv2
CVE-2021-3447
A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the no_lo...
Redhat Ansible Tower
Redhat Ansible
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
IMAP
CVE-2024-4367
server-side request forgery
information disclosure
CVE-2024-34342
CVE-2024-4281
CVE-2024-3507
CVE-2024-25560
CVE-2024-34574
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »