Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/11293?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/11293?format=api", "purl": "pkg:pypi/ansible@2.7.12", "type": "pypi", "namespace": "", "name": "ansible", "version": "2.7.12", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.10.1rc2", "latest_non_vulnerable_version": "12.2.0", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7783?format=api", "vulnerability_id": "VCID-39vn-b7y4-v3ez", "summary": "ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10206", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.55249", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10206" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10206", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10206" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/11294?format=api", "purl": "pkg:pypi/ansible@2.7.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-4tfv-snmv-bbax" }, { "vulnerability": "VCID-52zf-mjec-f3d5" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6smx-ju23-8qes" }, { "vulnerability": "VCID-6swz-79ue-bbef" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-aq21-sp74-17gk" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" }, { "vulnerability": "VCID-zjct-yufk-jkdg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/13122?format=api", "purl": "pkg:pypi/ansible@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-4tfv-snmv-bbax" }, { "vulnerability": "VCID-52zf-mjec-f3d5" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6smx-ju23-8qes" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-aq21-sp74-17gk" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" }, { "vulnerability": "VCID-zjct-yufk-jkdg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.4" } ], "aliases": [ "CVE-2019-10206", "PYSEC-2019-145" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-39vn-b7y4-v3ez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8085?format=api", "vulnerability_id": "VCID-3jxq-kxnz-6bfh", "summary": "A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20228", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.47749", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20228" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925002", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925002" }, { "reference_url": "https://github.com/advisories/GHSA-5rrg-rr89-x9mv", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5rrg-rr89-x9mv" }, { "reference_url": "https://github.com/ansible/ansible/commit/49ebd509df9de1c1fc1bcee00e79a835dd00662c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/49ebd509df9de1c1fc1bcee00e79a835dd00662c" }, { "reference_url": "https://github.com/ansible/ansible/commit/e41d1f0a3fd6c466192e7e24accd3d1c6501111b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/e41d1f0a3fd6c466192e7e24accd3d1c6501111b" }, { "reference_url": "https://github.com/ansible/ansible/commit/f8ff395d817c3eddc050f809919c15dfb5796120", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/f8ff395d817c3eddc050f809919c15dfb5796120" }, { "reference_url": "https://github.com/ansible/ansible/pull/73487", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/pull/73487" }, { "reference_url": "https://github.com/ansible/ansible/pull/73492", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/pull/73492" }, { "reference_url": "https://github.com/ansible/ansible/pull/73493", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/pull/73493" }, { "reference_url": "https://github.com/ansible/ansible/pull/73494", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/pull/73494" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-1.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-1.yaml" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4950", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2021/dsa-4950" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20228", "reference_id": "CVE-2021-20228", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20228" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/17018?format=api", "purl": "pkg:pypi/ansible@2.8.19rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-uvca-5e2n-pqew" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.19rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/17037?format=api", "purl": "pkg:pypi/ansible@2.9.18rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-uvca-5e2n-pqew" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.18rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/17040?format=api", "purl": "pkg:pypi/ansible@2.9.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/78000?format=api", "purl": "pkg:pypi/ansible@2.10.6rc1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.6rc1" } ], "aliases": [ "CVE-2021-20228", "GHSA-5rrg-rr89-x9mv", "PYSEC-2021-1" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3jxq-kxnz-6bfh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7858?format=api", "vulnerability_id": "VCID-4331-d5yy-uybc", "summary": "A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with \"umask 77 && mkdir -p <dir>\"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating '/proc/<pid>/cmdline'.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1733", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08127", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1733" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1733", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1733" }, { "reference_url": "https://github.com/advisories/GHSA-g4mq-6fp5-qwcf", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-g4mq-6fp5-qwcf" }, { "reference_url": "https://github.com/ansible/ansible/issues/67791", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/issues/67791" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/" }, { "reference_url": "https://security.gentoo.org/glsa/202006-11", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202006-11" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/11298?format=api", "purl": "pkg:pypi/ansible@2.7.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/13773?format=api", "purl": "pkg:pypi/ansible@2.8.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" }, { "vulnerability": "VCID-zjct-yufk-jkdg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/13779?format=api", "purl": "pkg:pypi/ansible@2.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" }, { "vulnerability": "VCID-ydka-2etb-hue9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6" } ], "aliases": [ "CVE-2020-1733", "GHSA-g4mq-6fp5-qwcf", "PYSEC-2020-5" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4331-d5yy-uybc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7881?format=api", "vulnerability_id": "VCID-4tfv-snmv-bbax", "summary": "A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0216", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0216" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0218", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0218" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14905", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.5091", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14905" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14905", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14905" }, { "reference_url": "https://github.com/advisories/GHSA-frxj-5j27-f8rf", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-frxj-5j27-f8rf" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5BNCYPQ4BY5QHBCJOAOPANB5FHATW2BR/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5BNCYPQ4BY5QHBCJOAOPANB5FHATW2BR/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/11297?format=api", "purl": "pkg:pypi/ansible@2.7.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6swz-79ue-bbef" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" }, { "vulnerability": "VCID-zjct-yufk-jkdg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/13773?format=api", "purl": "pkg:pypi/ansible@2.8.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" }, { "vulnerability": "VCID-zjct-yufk-jkdg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/13775?format=api", "purl": "pkg:pypi/ansible@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" }, { "vulnerability": "VCID-ydka-2etb-hue9" }, { "vulnerability": "VCID-zjct-yufk-jkdg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.3" } ], "aliases": [ "CVE-2019-14905", "GHSA-frxj-5j27-f8rf", "PYSEC-2020-206" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4tfv-snmv-bbax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7788?format=api", "vulnerability_id": "VCID-52zf-mjec-f3d5", "summary": "ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0756" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14856", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00453", "scoring_system": "epss", "scoring_elements": "0.64064", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14856" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14856", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14856" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/11295?format=api", "purl": "pkg:pypi/ansible@2.7.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-4tfv-snmv-bbax" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6swz-79ue-bbef" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-aq21-sp74-17gk" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" }, { "vulnerability": "VCID-zjct-yufk-jkdg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/13125?format=api", "purl": "pkg:pypi/ansible@2.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-4tfv-snmv-bbax" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-aq21-sp74-17gk" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" }, { "vulnerability": "VCID-zjct-yufk-jkdg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.6" } ], "aliases": [ "CVE-2019-14856", "PYSEC-2019-146" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-52zf-mjec-f3d5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5842?format=api", "vulnerability_id": "VCID-5mcc-gtrr-j3e4", "summary": "information disclosure", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20178", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.0848", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20178" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1914774", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1914774" }, { "reference_url": "https://github.com/advisories/GHSA-wv5p-gmmv-wh9v", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-wv5p-gmmv-wh9v" }, { "reference_url": "https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes,", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes," }, { "reference_url": "https://github.com/ansible-collections/community.general/pull/1635,", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible-collections/community.general/pull/1635," }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55/" }, { "reference_url": "https://security.archlinux.org/ASA-202102-9", "reference_id": "ASA-202102-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202102-9" }, { "reference_url": "https://security.archlinux.org/AVG-1437", "reference_id": "AVG-1437", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1437" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/17038?format=api", "purl": "pkg:pypi/ansible@2.9.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.18" } ], "aliases": [ "CVE-2021-20178", "GHSA-wv5p-gmmv-wh9v", "PYSEC-2021-106" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5mcc-gtrr-j3e4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7867?format=api", "vulnerability_id": "VCID-6hdk-ywcn-4qe4", "summary": "A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. Sensitive parameters such as passwords and tokens are passed to kubectl from the command line, not using an environment variable or an input configuration file. This will disclose passwords and tokens from process list and no_log directive from debug module would not have any effect making these secrets being disclosed on stdout and log files.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1753", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16115", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1753" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1753" }, { "reference_url": "https://github.com/advisories/GHSA-86hp-cj9j-33vv", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-86hp-cj9j-33vv" }, { "reference_url": "https://github.com/ansible-collections/kubernetes/pull/51", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible-collections/kubernetes/pull/51" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/" }, { "reference_url": "https://security.gentoo.org/glsa/202006-11", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202006-11" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/11299?format=api", "purl": "pkg:pypi/ansible@2.7.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/13873?format=api", "purl": "pkg:pypi/ansible@2.8.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/13874?format=api", "purl": "pkg:pypi/ansible@2.9.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.7" } ], "aliases": [ "CVE-2020-1753", "GHSA-86hp-cj9j-33vv", "PYSEC-2020-210" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6hdk-ywcn-4qe4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7759?format=api", "vulnerability_id": "VCID-6smx-ju23-8qes", "summary": "In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3201", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3201" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3202", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3202" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3203", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3203" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3207", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3207" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0756" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14846", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30132", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14846" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14846", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14846" }, { "reference_url": "https://github.com/ansible/ansible/pull/63366", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/pull/63366" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/11295?format=api", "purl": "pkg:pypi/ansible@2.7.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-4tfv-snmv-bbax" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6swz-79ue-bbef" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-aq21-sp74-17gk" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" }, { "vulnerability": "VCID-zjct-yufk-jkdg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/13125?format=api", "purl": "pkg:pypi/ansible@2.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-4tfv-snmv-bbax" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-aq21-sp74-17gk" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" }, { "vulnerability": "VCID-zjct-yufk-jkdg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.6" } ], "aliases": [ "CVE-2019-14846", "PYSEC-2019-4" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6smx-ju23-8qes" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7855?format=api", "vulnerability_id": "VCID-6swz-79ue-bbef", "summary": "A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHBA-2020:0547", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHBA-2020:0547" }, { "reference_url": "https://access.redhat.com/errata/RHBA-2020:1539", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHBA-2020:1539" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1734", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24234", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1734" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801804", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801804" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1734", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1734" }, { "reference_url": "https://github.com/advisories/GHSA-h39q-95q5-9jfp", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h39q-95q5-9jfp" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/commit/4f978af4ca16ad9828ffe42203b9615425195f8b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/4f978af4ca16ad9828ffe42203b9615425195f8b" }, { "reference_url": "https://github.com/ansible/ansible/commit/963bdd9983b91a48fb6949fb2ef41071e72d0be0", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/963bdd9983b91a48fb6949fb2ef41071e72d0be0" }, { "reference_url": "https://github.com/ansible/ansible/commit/bff0724e9eab2770f874e018298f9ab74cc2a78f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/bff0724e9eab2770f874e018298f9ab74cc2a78f" }, { "reference_url": "https://github.com/ansible/ansible/commit/e5649ca3e807f17e7c034ee22791f107162973b0", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/e5649ca3e807f17e7c034ee22791f107162973b0" }, { "reference_url": "https://github.com/ansible/ansible/issues/67792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/issues/67792" }, { "reference_url": "https://github.com/ansible/ansible/issues/70159", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/issues/70159" }, { "reference_url": "https://github.com/ansible/ansible/pull/70596", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/pull/70596" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-6.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-6.yaml" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2020-1734", "reference_id": "CVE-2020-1734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/security/cve/CVE-2020-1734" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1734", "reference_id": "CVE-2020-1734", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1734" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/11298?format=api", "purl": "pkg:pypi/ansible@2.7.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/14352?format=api", "purl": "pkg:pypi/ansible@2.8.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/17008?format=api", "purl": "pkg:pypi/ansible@2.9.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/17068?format=api", "purl": "pkg:pypi/ansible@2.10.0rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.0rc1" } ], "aliases": [ "CVE-2020-1734", "GHSA-h39q-95q5-9jfp", "PYSEC-2020-6" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6swz-79ue-bbef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8103?format=api", "vulnerability_id": "VCID-95kg-bk3s-g7gx", "summary": "A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords are exposed at once for the file. This flaw affects Ansible Engine versions before 2.9.6.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10729", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20041", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10729" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1831089", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1831089" }, { "reference_url": "https://github.com/advisories/GHSA-r6h7-5pq2-j77h", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-r6h7-5pq2-j77h" }, { "reference_url": "https://github.com/ansible/ansible/issues/34144", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/issues/34144" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13779?format=api", "purl": "pkg:pypi/ansible@2.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" }, { "vulnerability": "VCID-ydka-2etb-hue9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6" } ], "aliases": [ "CVE-2020-10729", "GHSA-r6h7-5pq2-j77h", "PYSEC-2021-105" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-95kg-bk3s-g7gx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7809?format=api", "vulnerability_id": "VCID-aq21-sp74-17gk", "summary": "Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14864", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00888", "scoring_system": "epss", "scoring_elements": "0.7582", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14864" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14864", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14864" }, { "reference_url": "https://github.com/advisories/GHSA-3m93-m4q6-mc6v", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3m93-m4q6-mc6v" }, { "reference_url": "https://github.com/ansible/ansible/commit/050f92f96054bf59e283fdec9972323c2ed00348", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/050f92f96054bf59e283fdec9972323c2ed00348" }, { "reference_url": "https://github.com/ansible/ansible/commit/75288a89d0053d6df35c90863fb6c9542d89850e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/75288a89d0053d6df35c90863fb6c9542d89850e" }, { "reference_url": "https://github.com/ansible/ansible/commit/a0ec2976b2716cdecdd7a8f416d96406acd79b7c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/a0ec2976b2716cdecdd7a8f416d96406acd79b7c" }, { "reference_url": "https://github.com/ansible/ansible/commit/c76e074e4c71c7621a1ca8159261c1959b5287af", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/c76e074e4c71c7621a1ca8159261c1959b5287af" }, { "reference_url": "https://github.com/ansible/ansible/issues/63522", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/issues/63522" }, { "reference_url": "https://github.com/ansible/ansible/pull/63527", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/pull/63527" }, { "reference_url": "https://github.com/ansible/ansible/pull/64273", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/pull/64273" }, { "reference_url": "https://github.com/ansible/ansible/pull/64274", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/pull/64274" }, { "reference_url": "https://github.com/ansible/ansible/pull/64748", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/pull/64748" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-160.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-160.yaml" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4950", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2021/dsa-4950" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14864", "reference_id": "CVE-2019-14864", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14864" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/11296?format=api", "purl": "pkg:pypi/ansible@2.7.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-4tfv-snmv-bbax" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6swz-79ue-bbef" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" }, { "vulnerability": "VCID-zjct-yufk-jkdg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/13560?format=api", "purl": "pkg:pypi/ansible@2.8.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-4tfv-snmv-bbax" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" }, { "vulnerability": "VCID-zjct-yufk-jkdg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/13561?format=api", "purl": "pkg:pypi/ansible@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-4tfv-snmv-bbax" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" }, { "vulnerability": "VCID-ydka-2etb-hue9" }, { "vulnerability": "VCID-zjct-yufk-jkdg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.1" } ], "aliases": [ "CVE-2019-14864", "GHSA-3m93-m4q6-mc6v", "PYSEC-2020-160" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aq21-sp74-17gk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7942?format=api", "vulnerability_id": "VCID-axds-bd49-fbdj", "summary": "A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14904", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11344", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14904" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1776944", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1776944" }, { "reference_url": "https://github.com/advisories/GHSA-gwr8-5j83-483c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-gwr8-5j83-483c" }, { "reference_url": "https://github.com/ansible/ansible/pull/65686", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/pull/65686" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/11296?format=api", "purl": "pkg:pypi/ansible@2.7.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-4tfv-snmv-bbax" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6swz-79ue-bbef" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" }, { "vulnerability": "VCID-zjct-yufk-jkdg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/13560?format=api", "purl": "pkg:pypi/ansible@2.8.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-4tfv-snmv-bbax" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" }, { "vulnerability": "VCID-zjct-yufk-jkdg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/13774?format=api", "purl": "pkg:pypi/ansible@2.9.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-4tfv-snmv-bbax" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" }, { "vulnerability": "VCID-ydka-2etb-hue9" }, { "vulnerability": "VCID-zjct-yufk-jkdg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.2" } ], "aliases": [ "CVE-2019-14904", "GHSA-gwr8-5j83-483c", "PYSEC-2020-161" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-axds-bd49-fbdj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7871?format=api", "vulnerability_id": "VCID-b423-t4kx-eqbq", "summary": "A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1735", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33455", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1735" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1735", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1735" }, { "reference_url": "https://github.com/advisories/GHSA-gfr2-qpxh-qj9m", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-gfr2-qpxh-qj9m" }, { "reference_url": "https://github.com/ansible/ansible/issues/67793", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/issues/67793" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/" }, { "reference_url": "https://security.gentoo.org/glsa/202006-11", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202006-11" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/11298?format=api", "purl": "pkg:pypi/ansible@2.7.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/13778?format=api", "purl": "pkg:pypi/ansible@2.8.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/13779?format=api", "purl": "pkg:pypi/ansible@2.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" }, { "vulnerability": "VCID-ydka-2etb-hue9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6" } ], "aliases": [ "CVE-2020-1735", "GHSA-gfr2-qpxh-qj9m", "PYSEC-2020-7" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b423-t4kx-eqbq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7950?format=api", "vulnerability_id": "VCID-b8cv-v25q-1kh3", "summary": "An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14330", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44392", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14330" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14330" }, { "reference_url": "https://github.com/advisories/GHSA-785x-qw4v-6872", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-785x-qw4v-6872" }, { "reference_url": "https://github.com/ansible/ansible/commit/e0f25a2b1f9e6c21f751ba0ed2dc2eee2152983e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/e0f25a2b1f9e6c21f751ba0ed2dc2eee2152983e" }, { "reference_url": "https://github.com/ansible/ansible/issues/68400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/issues/68400" }, { "reference_url": "https://github.com/ansible/ansible/pull/69653", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/pull/69653" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-3.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-3.yaml" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4950", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2021/dsa-4950" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14330", "reference_id": "CVE-2020-14330", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14330" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/17069?format=api", "purl": "pkg:pypi/ansible@2.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-uvca-5e2n-pqew" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.0" } ], "aliases": [ "CVE-2020-14330", "GHSA-785x-qw4v-6872", "PYSEC-2020-3" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b8cv-v25q-1kh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7857?format=api", "vulnerability_id": "VCID-brft-snn6-guc8", "summary": "A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal. This issue is fixed in 2.10.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1737", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.35898", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1737" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1737", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1737" }, { "reference_url": "https://github.com/advisories/GHSA-893h-35v4-mxqx", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-893h-35v4-mxqx" }, { "reference_url": "https://github.com/ansible/ansible/issues/67795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/issues/67795" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/" }, { "reference_url": "https://security.gentoo.org/glsa/202006-11", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202006-11" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/11298?format=api", "purl": "pkg:pypi/ansible@2.7.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/13778?format=api", "purl": "pkg:pypi/ansible@2.8.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/13779?format=api", "purl": "pkg:pypi/ansible@2.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" }, { "vulnerability": "VCID-ydka-2etb-hue9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6" } ], "aliases": [ "CVE-2020-1737", "GHSA-893h-35v4-mxqx", "PYSEC-2020-9" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-brft-snn6-guc8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7895?format=api", "vulnerability_id": "VCID-bvsa-kz7r-zyea", "summary": "A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1746", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30138", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1746" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1746", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1746" }, { "reference_url": "https://github.com/advisories/GHSA-j2h6-73x8-22c4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-j2h6-73x8-22c4" }, { "reference_url": "https://github.com/ansible/ansible/pull/67866", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/pull/67866" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/11298?format=api", "purl": "pkg:pypi/ansible@2.7.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/13873?format=api", "purl": "pkg:pypi/ansible@2.8.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/13874?format=api", "purl": "pkg:pypi/ansible@2.9.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.7" } ], "aliases": [ "CVE-2020-1746", "GHSA-j2h6-73x8-22c4", "PYSEC-2020-13" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bvsa-kz7r-zyea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5428?format=api", "vulnerability_id": "VCID-enwa-2cfn-5uab", "summary": "arbitrary command execution", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3583", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.51217", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3583" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968412", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968412" }, { "reference_url": "https://github.com/advisories/GHSA-2pfh-q76x-gwvm", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-2pfh-q76x-gwvm" }, { "reference_url": "https://security.archlinux.org/AVG-2260", "reference_id": "AVG-2260", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2260" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3583", "reference_id": "CVE-2021-3583", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3583" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/17048?format=api", "purl": "pkg:pypi/ansible@2.9.23", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.23" } ], "aliases": [ "CVE-2021-3583", "GHSA-2pfh-q76x-gwvm", "PYSEC-2021-358" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-enwa-2cfn-5uab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7764?format=api", "vulnerability_id": "VCID-gnq4-v5a7-m3ew", "summary": "A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name to the module will cause the task to fail before the no_log options in the sub parameters are processed. As a result, data in the sub parameter fields will not be masked and will be displayed if Ansible is run with increased verbosity and present in the module invocation arguments for the task.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3201", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3201" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3202", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3202" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3203", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3203" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3207", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3207" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0756" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14858", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.1264", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14858" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14858", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14858" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/11307?format=api", "purl": "pkg:pypi/ansible@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-39vn-b7y4-v3ez" }, { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-4tfv-snmv-bbax" }, { "vulnerability": "VCID-52zf-mjec-f3d5" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6smx-ju23-8qes" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-aq21-sp74-17gk" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-mk3k-n9wn-q3ct" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xn7b-vz2e-6qdh" }, { "vulnerability": "VCID-xpfd-zdry-euh5" }, { "vulnerability": "VCID-zjct-yufk-jkdg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.1" } ], "aliases": [ "CVE-2019-14858", "PYSEC-2019-171" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gnq4-v5a7-m3ew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7870?format=api", "vulnerability_id": "VCID-hyr1-b223-bkef", "summary": "A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This could lead to the disclosure of sensitive data. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1736", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18673", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1736" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1736", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1736" }, { "reference_url": "https://github.com/advisories/GHSA-x7jh-595q-wq82", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x7jh-595q-wq82" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/issues/67794", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/issues/67794" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-8.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-8.yaml" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7/" }, { "reference_url": "https://security.gentoo.org/glsa/202006-11", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202006-11" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1736", "reference_id": "CVE-2020-1736", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1736" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/11298?format=api", "purl": "pkg:pypi/ansible@2.7.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/13778?format=api", "purl": "pkg:pypi/ansible@2.8.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/13779?format=api", "purl": "pkg:pypi/ansible@2.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" }, { "vulnerability": "VCID-ydka-2etb-hue9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6" } ], "aliases": [ "CVE-2020-1736", "GHSA-x7jh-595q-wq82", "PYSEC-2020-8" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hyr1-b223-bkef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5516?format=api", "vulnerability_id": "VCID-kgjy-7kdy-c3cg", "summary": "information disclosure", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956477", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956477" }, { "reference_url": "https://security.archlinux.org/AVG-2056", "reference_id": "AVG-2056", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2056" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/21283?format=api", "purl": "pkg:pypi/ansible@3.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@3.0.0" } ], "aliases": [ "CVE-2021-3533", "PYSEC-2021-126" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kgjy-7kdy-c3cg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7985?format=api", "vulnerability_id": "VCID-m87b-eb5y-8ydf", "summary": "A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. This issue affects directly data confidentiality.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25635", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.236", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25635" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25635", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25635" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible-collections/community.aws/issues/222", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible-collections/community.aws/issues/222" }, { "reference_url": "https://github.com/ansible-collections/community.aws/pull/237#issuecomment-1468591094", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible-collections/community.aws/pull/237#issuecomment-1468591094" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-220.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-220.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25635", "reference_id": "CVE-2020-25635", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25635" }, { "reference_url": "https://github.com/advisories/GHSA-f556-49jc-4rvc", "reference_id": "GHSA-f556-49jc-4rvc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f556-49jc-4rvc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/17303?format=api", "purl": "pkg:pypi/ansible@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-uvca-5e2n-pqew" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.1" } ], "aliases": [ "CVE-2020-25635", "GHSA-f556-49jc-4rvc", "PYSEC-2020-220" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m87b-eb5y-8ydf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7868?format=api", "vulnerability_id": "VCID-n2b8-e8fa-2ue1", "summary": "A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes \"ansible-vault edit\", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1740", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.34646", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1740" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1740", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1740" }, { "reference_url": "https://github.com/advisories/GHSA-vcg8-98q8-g7mj", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-vcg8-98q8-g7mj" }, { "reference_url": "https://github.com/ansible/ansible/issues/67798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/issues/67798" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/" }, { "reference_url": "https://security.gentoo.org/glsa/202006-11", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202006-11" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/11298?format=api", "purl": "pkg:pypi/ansible@2.7.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/13778?format=api", "purl": "pkg:pypi/ansible@2.8.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/13779?format=api", "purl": "pkg:pypi/ansible@2.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" }, { "vulnerability": "VCID-ydka-2etb-hue9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6" } ], "aliases": [ "CVE-2020-1740", "GHSA-vcg8-98q8-g7mj", "PYSEC-2020-12" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n2b8-e8fa-2ue1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7896?format=api", "vulnerability_id": "VCID-nx86-xnct-afbs", "summary": "An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9.9 as well as previous versions are affected and Ansible Tower 3.4.5, 3.5.6 and 3.6.4 as well as previous versions are affected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10744", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11851", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10744" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10744", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10744" }, { "reference_url": "https://github.com/advisories/GHSA-vp9j-rghq-8jhh", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vp9j-rghq-8jhh" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/commit/77d0effcc5b2da1ef23e4ba32986a9759c27c10d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/77d0effcc5b2da1ef23e4ba32986a9759c27c10d" }, { "reference_url": "https://github.com/ansible/ansible/commit/84afa8e90cd168ff13208c8eae3e533ce7e21e1f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/84afa8e90cd168ff13208c8eae3e533ce7e21e1f" }, { "reference_url": "https://github.com/ansible/ansible/commit/ffd3757fc35468a97791e452e7f2d14c3e3fcb80", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/ffd3757fc35468a97791e452e7f2d14c3e3fcb80" }, { "reference_url": "https://github.com/ansible/ansible/issues/69782", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/issues/69782" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-208.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-208.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10744", "reference_id": "CVE-2020-10744", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10744" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/11300?format=api", "purl": "pkg:pypi/ansible@2.8.0a1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-49gh-wgmc-mfew" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-aq21-sp74-17gk" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-mk3k-n9wn-q3ct" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xn7b-vz2e-6qdh" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.0a1" }, { "url": "http://public2.vulnerablecode.io/api/packages/14352?format=api", "purl": "pkg:pypi/ansible@2.8.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/14353?format=api", "purl": "pkg:pypi/ansible@2.9.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/17010?format=api", "purl": "pkg:pypi/ansible@2.9.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-uvca-5e2n-pqew" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/17068?format=api", "purl": "pkg:pypi/ansible@2.10.0rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.0rc1" } ], "aliases": [ "CVE-2020-10744", "GHSA-vp9j-rghq-8jhh", "PYSEC-2020-208" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nx86-xnct-afbs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1054?format=api", "vulnerability_id": "VCID-qtt6-8kf8-1fbt", "summary": "information disclosure", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3871", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3871" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3872", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3872" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3874", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3874" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4703", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4703" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4750", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4750" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3620", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0029", "scoring_system": "epss", "scoring_elements": "0.52692", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3620" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975767", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975767" }, { "reference_url": "https://github.com/advisories/GHSA-4r65-35qq-ch8j", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4r65-35qq-ch8j" }, { "reference_url": "https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes" }, { "reference_url": "https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2022-164.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2022-164.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html" }, { "reference_url": "https://security.archlinux.org/AVG-1941", "reference_id": "AVG-1941", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1941" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2021-3620", "reference_id": "CVE-2021-3620", "reference_type": "", "scores": [], "url": "https://access.redhat.com/security/cve/CVE-2021-3620" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3620", "reference_id": "CVE-2021-3620", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3620" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/17056?format=api", "purl": "pkg:pypi/ansible@2.9.27", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.27" } ], "aliases": [ "CVE-2021-3620", "GHSA-4r65-35qq-ch8j", "PYSEC-2022-164" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qtt6-8kf8-1fbt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7869?format=api", "vulnerability_id": "VCID-rarq-tdjt-hff3", "summary": "A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1738", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.44079", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1738" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1738", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1738" }, { "reference_url": "https://github.com/advisories/GHSA-f85h-23mf-2fwh", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f85h-23mf-2fwh" }, { "reference_url": "https://github.com/ansible/ansible/issues/67796", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/issues/67796" }, { "reference_url": "https://github.com/ansible/ansible/pull/67808", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/pull/67808" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-10.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-10.yaml" }, { "reference_url": "https://security.gentoo.org/glsa/202006-11", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202006-11" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1738", "reference_id": "CVE-2020-1738", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1738" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/11298?format=api", "purl": "pkg:pypi/ansible@2.7.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/13778?format=api", "purl": "pkg:pypi/ansible@2.8.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/13779?format=api", "purl": "pkg:pypi/ansible@2.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" }, { "vulnerability": "VCID-ydka-2etb-hue9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6" } ], "aliases": [ "CVE-2020-1738", "GHSA-f85h-23mf-2fwh", "PYSEC-2020-10" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rarq-tdjt-hff3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7863?format=api", "vulnerability_id": "VCID-rnub-zmb6-5yhw", "summary": "A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument \"password\" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1739", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.1474", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1739" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1739", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1739" }, { "reference_url": "https://github.com/advisories/GHSA-923p-fr2c-g5m2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-923p-fr2c-g5m2" }, { "reference_url": "https://github.com/ansible/ansible/issues/67797", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/issues/67797" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/11298?format=api", "purl": "pkg:pypi/ansible@2.7.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/13778?format=api", "purl": "pkg:pypi/ansible@2.8.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/13779?format=api", "purl": "pkg:pypi/ansible@2.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" }, { "vulnerability": "VCID-ydka-2etb-hue9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6" } ], "aliases": [ "CVE-2020-1739", "GHSA-923p-fr2c-g5m2", "PYSEC-2020-11" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rnub-zmb6-5yhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5840?format=api", "vulnerability_id": "VCID-uvca-5e2n-pqew", "summary": "information disclosure", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20191", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.07158", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20191" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813" }, { "reference_url": "https://github.com/advisories/GHSA-8f4m-hccc-8qph", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8f4m-hccc-8qph" }, { "reference_url": "https://security.archlinux.org/ASA-202102-9", "reference_id": "ASA-202102-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202102-9" }, { "reference_url": "https://security.archlinux.org/AVG-1437", "reference_id": "AVG-1437", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1437" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/17019?format=api", "purl": "pkg:pypi/ansible@2.8.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/17038?format=api", "purl": "pkg:pypi/ansible@2.9.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/20863?format=api", "purl": "pkg:pypi/ansible@2.10.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-kgjy-7kdy-c3cg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.7" } ], "aliases": [ "CVE-2021-20191", "GHSA-8f4m-hccc-8qph", "PYSEC-2021-124" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uvca-5e2n-pqew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7894?format=api", "vulnerability_id": "VCID-xpfd-zdry-euh5", "summary": "A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the s ts unencrypted. On Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decryp emains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted ble.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10685", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42611", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10685" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10685", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10685" }, { "reference_url": "https://github.com/advisories/GHSA-77g3-3j5w-64w4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-77g3-3j5w-64w4" }, { "reference_url": "https://github.com/ansible/ansible/pull/68433", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/pull/68433" }, { "reference_url": "https://security.gentoo.org/glsa/202006-11", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202006-11" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/11298?format=api", "purl": "pkg:pypi/ansible@2.7.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/13873?format=api", "purl": "pkg:pypi/ansible@2.8.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/13874?format=api", "purl": "pkg:pypi/ansible@2.9.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.7" } ], "aliases": [ "CVE-2020-10685", "GHSA-77g3-3j5w-64w4", "PYSEC-2020-1" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xpfd-zdry-euh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7641?format=api", "vulnerability_id": "VCID-zcmk-4k97-kkd9", "summary": "Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the plaintext password. Ansible Engine 2.8 and older are believed to be vulnerable.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3770", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3770" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3771", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3771" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3772", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3772" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3773" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16859", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25744", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16859" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16859", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16859" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16859", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16859" }, { "reference_url": "https://cwe.mitre.org/data/definitions/200.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cwe.mitre.org/data/definitions/200.html" }, { "reference_url": "https://github.com/ansible/ansible/commit/8c1f701e6e9df29fe991f98265e2dd76acca4b8c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/8c1f701e6e9df29fe991f98265e2dd76acca4b8c" }, { "reference_url": "https://github.com/ansible/ansible/pull/49142", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/pull/49142" }, { "reference_url": "http://www.securityfocus.com/bid/106004", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/106004" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/11307?format=api", "purl": "pkg:pypi/ansible@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-39vn-b7y4-v3ez" }, { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-4tfv-snmv-bbax" }, { "vulnerability": "VCID-52zf-mjec-f3d5" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6smx-ju23-8qes" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-aq21-sp74-17gk" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-mk3k-n9wn-q3ct" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xn7b-vz2e-6qdh" }, { "vulnerability": "VCID-xpfd-zdry-euh5" }, { "vulnerability": "VCID-zjct-yufk-jkdg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.1" } ], "aliases": [ "CVE-2018-16859", "PYSEC-2018-60" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zcmk-4k97-kkd9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7876?format=api", "vulnerability_id": "VCID-zjct-yufk-jkdg", "summary": "A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker could take advantage of this by altering the ansible_facts, such as ansible_hosts, users and any other key data which would lead into privilege escalation or code injection.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10684", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08821", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10684" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10684", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10684" }, { "reference_url": "https://github.com/advisories/GHSA-p62g-jhg6-v3rq", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-p62g-jhg6-v3rq" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/" }, { "reference_url": "https://security.gentoo.org/glsa/202006-11", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202006-11" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/11298?format=api", "purl": "pkg:pypi/ansible@2.7.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/13778?format=api", "purl": "pkg:pypi/ansible@2.8.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/13779?format=api", "purl": "pkg:pypi/ansible@2.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" }, { "vulnerability": "VCID-ydka-2etb-hue9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6" } ], "aliases": [ "CVE-2020-10684", "GHSA-p62g-jhg6-v3rq", "PYSEC-2020-207" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zjct-yufk-jkdg" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7736?format=api", "vulnerability_id": "VCID-xn7b-vz2e-6qdh", "summary": "A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3744", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3744" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3789", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3789" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10156", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00589", "scoring_system": "epss", "scoring_elements": "0.69494", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10156" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10156", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10156" }, { "reference_url": "https://github.com/advisories/GHSA-grgm-pph5-j5h7", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-grgm-pph5-j5h7" }, { "reference_url": "https://github.com/ansible/ansible/commit/04e94274fb92e116e9082cc9b86b1fd05c836922", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/04e94274fb92e116e9082cc9b86b1fd05c836922" }, { "reference_url": "https://github.com/ansible/ansible/commit/3ff6505e8ff0e4655bab008886983476ef903375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/3ff6505e8ff0e4655bab008886983476ef903375" }, { "reference_url": "https://github.com/ansible/ansible/commit/a11c3edfa41e7e4a4db323cdabfc2eae1b61da2a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/a11c3edfa41e7e4a4db323cdabfc2eae1b61da2a" }, { "reference_url": "https://github.com/ansible/ansible/pull/57188", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/pull/57188" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2019-2.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2019-2.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4950", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2021/dsa-4950" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10156", "reference_id": "CVE-2019-10156", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10156" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12698?format=api", "purl": "pkg:pypi/ansible@2.6.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-39vn-b7y4-v3ez" }, { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-52zf-mjec-f3d5" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6smx-ju23-8qes" }, { "vulnerability": "VCID-6swz-79ue-bbef" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-uvca-5e2n-pqew" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.6.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/11293?format=api", "purl": "pkg:pypi/ansible@2.7.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-39vn-b7y4-v3ez" }, { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-4tfv-snmv-bbax" }, { "vulnerability": "VCID-52zf-mjec-f3d5" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6smx-ju23-8qes" }, { "vulnerability": "VCID-6swz-79ue-bbef" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-aq21-sp74-17gk" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" }, { "vulnerability": "VCID-zjct-yufk-jkdg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/12699?format=api", "purl": "pkg:pypi/ansible@2.8.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-39vn-b7y4-v3ez" }, { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-4tfv-snmv-bbax" }, { "vulnerability": "VCID-52zf-mjec-f3d5" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6smx-ju23-8qes" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-aq21-sp74-17gk" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-mk3k-n9wn-q3ct" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" }, { "vulnerability": "VCID-zjct-yufk-jkdg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.2" } ], "aliases": [ "CVE-2019-10156", "GHSA-grgm-pph5-j5h7", "PYSEC-2019-2" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xn7b-vz2e-6qdh" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.12" }