Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/141994?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/141994?format=api", "purl": "pkg:pypi/ansible@0", "type": "pypi", "namespace": "", "name": "ansible", "version": "0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "12.0.0", "latest_non_vulnerable_version": "12.2.0", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6043?format=api", "vulnerability_id": "VCID-ae1r-yq1g-rkem", "summary": "A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal. This issue is fixed in 2.10.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1737.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1737.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1737", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30834", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30802", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30807", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30848", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.3089", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30889", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30858", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.308", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30983", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30936", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1737" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1737", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1737" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1737", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1737" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-893h-35v4-mxqx", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-893h-35v4-mxqx" }, { "reference_url": "https://github.com/ansible/ansible/issues/67795", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/issues/67795" }, { "reference_url": "https://github.com/ansible/ansible/pull/67799", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/67799" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-9.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-9.yaml" }, { "reference_url": "https://github.com/samdoran/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/samdoran/ansible" }, { "reference_url": "https://github.com/samdoran/ansible/commit/1de638b4d38d6d916588e2ad48d01f90dab8c36d", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/samdoran/ansible/commit/1de638b4d38d6d916588e2ad48d01f90dab8c36d" }, { "reference_url": "https://github.com/samdoran/ansible/commit/aaf549d7870b8687209a3282841b59207735b676", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/samdoran/ansible/commit/aaf549d7870b8687209a3282841b59207735b676" }, { "reference_url": "https://github.com/samdoran/ansible/commit/b60aa26e2313a8d52c0e0d3fd01696e797605b72", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/samdoran/ansible/commit/b60aa26e2313a8d52c0e0d3fd01696e797605b72" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1737", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1737" }, { "reference_url": "https://security.gentoo.org/glsa/202006-11", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202006-11" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802154", "reference_id": "1802154", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802154" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1541", "reference_id": "RHSA-2020:1541", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1541" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1542", "reference_id": "RHSA-2020:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1542" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1543", "reference_id": "RHSA-2020:1543", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1543" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1544", "reference_id": "RHSA-2020:1544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1544" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7570?format=api", "purl": "pkg:pypi/ansible@2.7.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/7572?format=api", "purl": "pkg:pypi/ansible@2.8.0a1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-a49n-tvnt-p3df" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-nukv-kkws-xkb1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-uhg5-zpzt-e3gz" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.0a1" }, { "url": "http://public2.vulnerablecode.io/api/packages/10050?format=api", "purl": "pkg:pypi/ansible@2.8.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/10051?format=api", "purl": "pkg:pypi/ansible@2.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jej-4jyp-cqbt" }, { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6" } ], "aliases": [ "CVE-2020-1737", "GHSA-893h-35v4-mxqx", "PYSEC-2020-9" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ae1r-yq1g-rkem" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6601?format=api", "vulnerability_id": "VCID-axc3-wcsk-q3eg", "summary": "A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3583.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3583.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3583", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.54927", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.5489", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.54913", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.54931", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.54919", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.5492", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.5487", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.54901", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.54875", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.54804", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3583" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968412", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968412" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3583", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3583" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-2pfh-q76x-gwvm", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2pfh-q76x-gwvm" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/commit/03aff644cc1c00e1f7551195c68fbd0d13a39e6e", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/03aff644cc1c00e1f7551195c68fbd0d13a39e6e" }, { "reference_url": "https://github.com/ansible/ansible/commit/8aa850e3573e48c9a2f12aef84e8a3a6f5ba4847", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/8aa850e3573e48c9a2f12aef84e8a3a6f5ba4847" }, { "reference_url": "https://github.com/ansible/ansible/commit/8b17e5b9229ffaecfe10a4881bc3f87dd2c184e1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/8b17e5b9229ffaecfe10a4881bc3f87dd2c184e1" }, { "reference_url": "https://github.com/ansible/ansible/pull/74960", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/74960" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-358.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-358.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html" }, { "reference_url": "https://security.archlinux.org/AVG-2260", "reference_id": "AVG-2260", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2260" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3583", "reference_id": "CVE-2021-3583", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3583" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2663", "reference_id": "RHSA-2021:2663", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2663" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2664", "reference_id": "RHSA-2021:2664", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2664" }, { "reference_url": "https://usn.ubuntu.com/USN-5315-1/", "reference_id": "USN-USN-5315-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5315-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13319?format=api", "purl": "pkg:pypi/ansible@2.9.23rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.23rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/13320?format=api", "purl": "pkg:pypi/ansible@2.9.23", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.23" }, { "url": "http://public2.vulnerablecode.io/api/packages/74280?format=api", "purl": "pkg:pypi/ansible@2.10.11rc1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.11rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/74281?format=api", "purl": "pkg:pypi/ansible@2.11.2rc1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.11.2rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/17553?format=api", "purl": "pkg:pypi/ansible@3.0.0b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@3.0.0b1" } ], "aliases": [ "CVE-2021-3583", "GHSA-2pfh-q76x-gwvm", "PYSEC-2021-358" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-axc3-wcsk-q3eg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6049?format=api", "vulnerability_id": "VCID-b8zs-br97-57av", "summary": "A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument \"password\" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1739.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1739.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1739", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11009", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13797", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13834", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13865", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.1378", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13874", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13815", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.1393", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13732", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13748", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1739" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1739", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1739" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10156", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10156" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10206", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10206" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14846", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14846" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14864", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14864" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10684", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10684" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10685", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10685" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10729", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10729" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14332", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14332" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14365", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14365" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1733", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1733" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1735", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1735" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1739", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1739" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1740", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1740" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1746", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1746" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1753" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20228", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20228" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-923p-fr2c-g5m2", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-923p-fr2c-g5m2" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/commit/1a89d4f059c21a818306a39ada7f5284ae125237", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/1a89d4f059c21a818306a39ada7f5284ae125237" }, { "reference_url": "https://github.com/ansible/ansible/commit/6c74a298702c8bb5532b9600073312e08f39680f", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/6c74a298702c8bb5532b9600073312e08f39680f" }, { "reference_url": "https://github.com/ansible/ansible/commit/c6c4fbf4a1fdea1e10ba94462a60c413990a16a4", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/c6c4fbf4a1fdea1e10ba94462a60c413990a16a4" }, { "reference_url": "https://github.com/ansible/ansible/issues/67797", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/issues/67797" }, { "reference_url": "https://github.com/ansible/ansible/pull/68911", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/68911" }, { "reference_url": "https://github.com/ansible/ansible/pull/68912", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/68912" }, { "reference_url": "https://github.com/ansible/ansible/pull/68913", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/68913" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-11.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-11.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1739", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:P/I:P/A:N" }, { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1739" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4950", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-4950" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802178", "reference_id": "1802178", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802178" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1541", "reference_id": "RHSA-2020:1541", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1541" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1542", "reference_id": "RHSA-2020:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1542" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1543", "reference_id": "RHSA-2020:1543", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1543" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1544", "reference_id": "RHSA-2020:1544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1544" }, { "reference_url": "https://usn.ubuntu.com/7330-1/", "reference_id": "USN-7330-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7330-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7570?format=api", "purl": "pkg:pypi/ansible@2.7.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/7572?format=api", "purl": "pkg:pypi/ansible@2.8.0a1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-a49n-tvnt-p3df" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-nukv-kkws-xkb1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-uhg5-zpzt-e3gz" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.0a1" }, { "url": "http://public2.vulnerablecode.io/api/packages/10050?format=api", "purl": "pkg:pypi/ansible@2.8.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/10145?format=api", "purl": "pkg:pypi/ansible@2.8.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/10051?format=api", "purl": "pkg:pypi/ansible@2.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jej-4jyp-cqbt" }, { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/10146?format=api", "purl": "pkg:pypi/ansible@2.9.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.7" } ], "aliases": [ "CVE-2020-1739", "GHSA-923p-fr2c-g5m2", "PYSEC-2020-11" ], "risk_score": 1.8, "exploitability": "0.5", "weighted_severity": "3.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b8zs-br97-57av" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6131?format=api", "vulnerability_id": "VCID-d4ka-dk4p-kfhb", "summary": "A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14904.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14904.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14904", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10509", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12481", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.1252", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12463", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12498", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12417", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12609", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12567", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12549", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.1244", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14904" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1776944", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1776944" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10156", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10156" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10206", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10206" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14846", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14846" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14864", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14864" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10684", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10684" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10685", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10685" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10729", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10729" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14332", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14332" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14365", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14365" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1733", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1733" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1735", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1735" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1739", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1739" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1740", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1740" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1746", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1746" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1753" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20228", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20228" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-gwr8-5j83-483c", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gwr8-5j83-483c" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/commit/589a415f887b6f2bb65cd07fe6b2e9d0a8156b69", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/589a415f887b6f2bb65cd07fe6b2e9d0a8156b69" }, { "reference_url": "https://github.com/ansible/ansible/commit/6a86650109b8654f5898369e45d3857624edf907", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/6a86650109b8654f5898369e45d3857624edf907" }, { "reference_url": "https://github.com/ansible/ansible/commit/a1b0f72c98b4b2afaab8aafa255e82c2075049c8", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/a1b0f72c98b4b2afaab8aafa255e82c2075049c8" }, { "reference_url": "https://github.com/ansible/ansible/pull/65686", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/65686" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-161.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-161.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14904", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14904" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4950", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-4950" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0215", "reference_id": "RHSA-2020:0215", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0215" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0217", "reference_id": "RHSA-2020:0217", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0217" }, { "reference_url": "https://usn.ubuntu.com/7330-1/", "reference_id": "USN-7330-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7330-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7568?format=api", "purl": "pkg:pypi/ansible@2.7.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-a49n-tvnt-p3df" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-uhg5-zpzt-e3gz" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/7569?format=api", "purl": "pkg:pypi/ansible@2.7.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/9832?format=api", "purl": "pkg:pypi/ansible@2.8.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-a49n-tvnt-p3df" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-uhg5-zpzt-e3gz" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/10045?format=api", "purl": "pkg:pypi/ansible@2.8.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/10046?format=api", "purl": "pkg:pypi/ansible@2.9.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jej-4jyp-cqbt" }, { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-a49n-tvnt-p3df" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/10047?format=api", "purl": "pkg:pypi/ansible@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jej-4jyp-cqbt" }, { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.3" } ], "aliases": [ "CVE-2019-14904", "GHSA-gwr8-5j83-483c", "PYSEC-2020-161" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d4ka-dk4p-kfhb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6055?format=api", "vulnerability_id": "VCID-d7ez-s7qb-p3ay", "summary": "A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1738.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1738.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1738", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34022", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33988", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34012", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34055", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34056", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34025", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33983", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34123", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34092", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33754", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1738" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1738", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L" }, { "value": "1.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1738" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1738", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1738" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-f85h-23mf-2fwh", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "1.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f85h-23mf-2fwh" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L" }, { "value": "1.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/issues/67796", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L" }, { "value": "1.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/issues/67796" }, { "reference_url": "https://github.com/ansible/ansible/pull/67808", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L" }, { "value": "1.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/67808" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-10.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L" }, { "value": "1.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-10.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1738", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:H/Au:N/C:N/I:P/A:P" }, { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L" }, { "value": "1.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1738" }, { "reference_url": "https://security.gentoo.org/glsa/202006-11", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L" }, { "value": "1.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202006-11" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802164", "reference_id": "1802164", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802164" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7570?format=api", "purl": "pkg:pypi/ansible@2.7.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/7572?format=api", "purl": "pkg:pypi/ansible@2.8.0a1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-a49n-tvnt-p3df" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-nukv-kkws-xkb1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-uhg5-zpzt-e3gz" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.0a1" }, { "url": "http://public2.vulnerablecode.io/api/packages/10050?format=api", "purl": "pkg:pypi/ansible@2.8.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/10145?format=api", "purl": "pkg:pypi/ansible@2.8.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/10051?format=api", "purl": "pkg:pypi/ansible@2.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jej-4jyp-cqbt" }, { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/10146?format=api", "purl": "pkg:pypi/ansible@2.9.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.7" } ], "aliases": [ "CVE-2020-1738", "GHSA-f85h-23mf-2fwh", "PYSEC-2020-10" ], "risk_score": 1.8, "exploitability": "0.5", "weighted_severity": "3.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d7ez-s7qb-p3ay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5761?format=api", "vulnerability_id": "VCID-fetz-42jf-nqe8", "summary": "An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1685", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:1685" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8647.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8647.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2016-8647", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2016-8647" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8647", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.3826", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38395", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38371", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38301", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38276", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38323", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38235", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38319", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38311", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38337", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8647" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1396174", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1396174" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8647", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8647" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8647", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8647" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:N/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-x4cm-m36h-c6qj", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x4cm-m36h-c6qj" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible-modules-core/commit/30fb384e7fb9a94ac3929e4a650877e45d8834c9", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible-modules-core/commit/30fb384e7fb9a94ac3929e4a650877e45d8834c9" }, { "reference_url": "https://github.com/ansible/ansible-modules-core/pull/5388", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible-modules-core/pull/5388" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-58.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-58.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844691", "reference_id": "844691", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844691" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8647", "reference_id": "CVE-2016-8647", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8647" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6466?format=api", "purl": "pkg:pypi/ansible@2.2.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jhxm-379u-subt" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-puq1-z5h7-pkdg" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-rknj-nkgs-wyg2" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-wqm7-2ajr-6ue8" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zmr4-652z-r3dm" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.2.1.0" } ], "aliases": [ "CVE-2016-8647", "GHSA-x4cm-m36h-c6qj", "PYSEC-2018-58" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fetz-42jf-nqe8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5765?format=api", "vulnerability_id": "VCID-hfxe-jjf5-nqd1", "summary": "A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8614.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8614.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8614", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23428", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23411", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23465", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23504", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23486", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23436", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23363", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23582", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23544", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23383", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8614" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8614", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8614", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8614" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-cmwx-9m2h-x7v4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cmwx-9m2h-x7v4" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible-modules-core/commit/1182d1f0b76d56f3667e27987a10b9ec8f03357d", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible-modules-core/commit/1182d1f0b76d56f3667e27987a10b9ec8f03357d" }, { "reference_url": "https://github.com/ansible/ansible-modules-core/commit/66d47c8149d84e52f64b7c4d1f340d45dca94d9c", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible-modules-core/commit/66d47c8149d84e52f64b7c4d1f340d45dca94d9c" }, { "reference_url": "https://github.com/ansible/ansible-modules-core/issues/5237", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible-modules-core/issues/5237" }, { "reference_url": "https://github.com/ansible/ansible-modules-core/pull/5353", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible-modules-core/pull/5353" }, { "reference_url": "https://github.com/ansible/ansible-modules-core/pull/5357", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible-modules-core/pull/5357" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-37.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-37.yaml" }, { "reference_url": "https://web.archive.org/web/20200227214450/https://www.securityfocus.com/bid/94108", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200227214450/https://www.securityfocus.com/bid/94108" }, { "reference_url": "http://www.securityfocus.com/bid/94108", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/94108" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388038", "reference_id": "1388038", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388038" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842984", "reference_id": "842984", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842984" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8614", "reference_id": "CVE-2016-8614", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8614" }, { "reference_url": "https://usn.ubuntu.com/7330-1/", "reference_id": "USN-7330-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7330-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30861?format=api", "purl": "pkg:pypi/ansible@2.2.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/6464?format=api", "purl": "pkg:pypi/ansible@2.2.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fetz-42jf-nqe8" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jhxm-379u-subt" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-puq1-z5h7-pkdg" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-rknj-nkgs-wyg2" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-wqm7-2ajr-6ue8" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yc8n-wxb4-1uaz" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zmr4-652z-r3dm" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.2.0.0" } ], "aliases": [ "CVE-2016-8614", "GHSA-cmwx-9m2h-x7v4", "PYSEC-2018-37" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hfxe-jjf5-nqd1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6044?format=api", "vulnerability_id": "VCID-hqar-fca3-cbht", "summary": "A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with \"umask 77 && mkdir -p <dir>\"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating '/proc/<pid>/cmdline'.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1733.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1733.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1733", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08136", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08244", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08262", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08283", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08291", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08146", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08208", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08259", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08205", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08272", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1733" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1733", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L" }, { "value": "1.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1733" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10156", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10156" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10206", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10206" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14846", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14846" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14864", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14864" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10684", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10684" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10685", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10685" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10729", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10729" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14332", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14332" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14365", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14365" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1733", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1733" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1735", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1735" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1739", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1739" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1740", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1740" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1746", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1746" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1753" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20228", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20228" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-g4mq-6fp5-qwcf", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "1.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g4mq-6fp5-qwcf" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L" }, { "value": "1.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/commit/80b9a0a25c5f75e84aefc8f2b293fb1933b154f2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L" }, { "value": "1.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/80b9a0a25c5f75e84aefc8f2b293fb1933b154f2" }, { "reference_url": "https://github.com/ansible/ansible/commit/8251d9f4c2bc82632ab992277fcd30ccbf87aa47", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L" }, { "value": "1.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/8251d9f4c2bc82632ab992277fcd30ccbf87aa47" }, { "reference_url": "https://github.com/ansible/ansible/commit/ecf99d5e1ff732a7777010facd6c98bb0994605e", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L" }, { "value": "1.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/ecf99d5e1ff732a7777010facd6c98bb0994605e" }, { "reference_url": "https://github.com/ansible/ansible/issues/67791", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L" }, { "value": "1.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/issues/67791" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-5.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L" }, { "value": "1.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-5.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L" }, { "value": "1.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L" }, { "value": "1.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L" }, { "value": "1.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L" }, { "value": "1.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1733", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:H/Au:N/C:P/I:P/A:P" }, { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L" }, { "value": "1.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1733" }, { "reference_url": "https://security.gentoo.org/glsa/202006-11", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L" }, { "value": "1.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202006-11" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4950", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L" }, { "value": "1.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-4950" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801735", "reference_id": "1801735", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801735" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1541", "reference_id": "RHSA-2020:1541", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1541" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1542", "reference_id": "RHSA-2020:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1542" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1543", "reference_id": "RHSA-2020:1543", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1543" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1544", "reference_id": "RHSA-2020:1544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1544" }, { "reference_url": "https://usn.ubuntu.com/USN-5315-1/", "reference_id": "USN-USN-5315-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5315-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7570?format=api", "purl": "pkg:pypi/ansible@2.7.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/10045?format=api", "purl": "pkg:pypi/ansible@2.8.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/10145?format=api", "purl": "pkg:pypi/ansible@2.8.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/10051?format=api", "purl": "pkg:pypi/ansible@2.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jej-4jyp-cqbt" }, { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/10146?format=api", "purl": "pkg:pypi/ansible@2.9.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.7" } ], "aliases": [ "CVE-2020-1733", "GHSA-g4mq-6fp5-qwcf", "PYSEC-2020-5" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hqar-fca3-cbht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5941?format=api", "vulnerability_id": "VCID-kb5h-116p-33b4", "summary": "In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3201", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3201" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3202", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3202" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3203", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3203" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3207", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3207" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0756", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0756" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14846.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14846.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14846", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.31978", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35913", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35985", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.3601", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36048", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36043", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36019", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.3597", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36134", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36104", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14846" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14846", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14846" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10156", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10156" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10206", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10206" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14846", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14846" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14864", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14864" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10684", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10684" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10685", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10685" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10729", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10729" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14332", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14332" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14365", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14365" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1733", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1733" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1735", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1735" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1739", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1739" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1740", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1740" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1746", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1746" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1753" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20228", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20228" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/commit/90e74dd2600e5cc42dd9b4f4656f3d651c4ce5c4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/90e74dd2600e5cc42dd9b4f4656f3d651c4ce5c4" }, { "reference_url": "https://github.com/ansible/ansible/commit/cb0f535a8b254a2daf69cd067e842fabb2993034", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/cb0f535a8b254a2daf69cd067e842fabb2993034" }, { "reference_url": "https://github.com/ansible/ansible/commit/d961f676c01023a6a21503df16ba551a550e515b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/d961f676c01023a6a21503df16ba551a550e515b" }, { "reference_url": "https://github.com/ansible/ansible/pull/63366", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/63366" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2019-4.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2019-4.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14846", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14846" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4950", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-4950" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755373", "reference_id": "1755373", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755373" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942188", "reference_id": "942188", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942188" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible_engine:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible_engine:2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:2.8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible_engine:2.8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:2.8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-pm48-cvv2-29q5", "reference_id": "GHSA-pm48-cvv2-29q5", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pm48-cvv2-29q5" }, { "reference_url": "https://usn.ubuntu.com/7330-1/", "reference_id": "USN-7330-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7330-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/9396?format=api", "purl": "pkg:pypi/ansible@2.6.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.6.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/7567?format=api", "purl": "pkg:pypi/ansible@2.7.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-a49n-tvnt-p3df" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dagf-buer-4ffr" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-uhg5-zpzt-e3gz" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/9397?format=api", "purl": "pkg:pypi/ansible@2.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-a49n-tvnt-p3df" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dagf-buer-4ffr" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-uhg5-zpzt-e3gz" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/13294?format=api", "purl": "pkg:pypi/ansible@2.9.0b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jej-4jyp-cqbt" }, { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-a49n-tvnt-p3df" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-uhg5-zpzt-e3gz" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.0b1" } ], "aliases": [ "CVE-2019-14846", "GHSA-pm48-cvv2-29q5", "PYSEC-2019-4" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kb5h-116p-33b4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5764?format=api", "vulnerability_id": "VCID-q4q1-aueh-sub2", "summary": "Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2778", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:2778" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8628.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8628.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8628", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.61959", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62098", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.6208", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62031", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62061", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.6203", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62107", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62086", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.6213", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62118", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8628" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8628", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8628" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8628", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8628" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-jg4f-jqm5-4mgq", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jg4f-jqm5-4mgq" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/commit/35938b907dfcd1106ca40b794f0db446bdb8cf09", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/35938b907dfcd1106ca40b794f0db446bdb8cf09" }, { "reference_url": "https://github.com/ansible/ansible/issues/41903", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/issues/41903" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-38.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-38.yaml" }, { "reference_url": "https://web.archive.org/web/20200227214455/http://www.securityfocus.com/bid/94109", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200227214455/http://www.securityfocus.com/bid/94109" }, { "reference_url": "http://www.securityfocus.com/bid/94109", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/94109" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388113", "reference_id": "1388113", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388113" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842985", "reference_id": "842985", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842985" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8628", "reference_id": "CVE-2016-8628", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8628" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30861?format=api", "purl": "pkg:pypi/ansible@2.2.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/6464?format=api", "purl": "pkg:pypi/ansible@2.2.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fetz-42jf-nqe8" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jhxm-379u-subt" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-puq1-z5h7-pkdg" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-rknj-nkgs-wyg2" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-wqm7-2ajr-6ue8" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yc8n-wxb4-1uaz" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zmr4-652z-r3dm" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.2.0.0" } ], "aliases": [ "CVE-2016-8628", "GHSA-jg4f-jqm5-4mgq", "PYSEC-2018-38" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q4q1-aueh-sub2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5812?format=api", "vulnerability_id": "VCID-r6bb-p28b-8fcn", "summary": "Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the plaintext password. Ansible Engine 2.8 and older are believed to be vulnerable.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3770", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3770" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3771", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3771" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3772", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3772" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3773", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3773" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16859.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16859.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16859", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.2647", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26521", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26567", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.2656", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26512", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26442", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26657", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26612", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26562", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26464", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16859" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16859", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16859" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16859", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16859" }, { "reference_url": "https://cwe.mitre.org/data/definitions/200.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cwe.mitre.org/data/definitions/200.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/blob/v2.5.13/changelogs/CHANGELOG-v2.5.rst", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/blob/v2.5.13/changelogs/CHANGELOG-v2.5.rst" }, { "reference_url": "https://github.com/ansible/ansible/commit/0d746b4198abf84290a093b83cf02b4203d73d9f", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/0d746b4198abf84290a093b83cf02b4203d73d9f" }, { "reference_url": "https://github.com/ansible/ansible/commit/2f8d3fcf41107efafc14d51ab6e14531ca8f8c87", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/2f8d3fcf41107efafc14d51ab6e14531ca8f8c87" }, { "reference_url": "https://github.com/ansible/ansible/commit/4d748d34f9392aa469da00a85c8e2d5fe6cec52b", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/4d748d34f9392aa469da00a85c8e2d5fe6cec52b" }, { "reference_url": "https://github.com/ansible/ansible/commit/8c1f701e6e9df29fe991f98265e2dd76acca4b8c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/8c1f701e6e9df29fe991f98265e2dd76acca4b8c" }, { "reference_url": "https://github.com/ansible/ansible/pull/49142", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/49142" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-60.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-60.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16859", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16859" }, { "reference_url": "https://web.archive.org/web/20200227102121/http://www.securityfocus.com/bid/106004", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200227102121/http://www.securityfocus.com/bid/106004" }, { "reference_url": "http://www.securityfocus.com/bid/106004", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/106004" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1649607", "reference_id": "1649607", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1649607" }, { "reference_url": "https://github.com/advisories/GHSA-v735-2pp6-h86r", "reference_id": "GHSA-v735-2pp6-h86r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v735-2pp6-h86r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7553?format=api", "purl": "pkg:pypi/ansible@2.5.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b1pw-nusu-27c4" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-puq1-z5h7-pkdg" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.5.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/7580?format=api", "purl": "pkg:pypi/ansible@2.5.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b1pw-nusu-27c4" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-puq1-z5h7-pkdg" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.5.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/7555?format=api", "purl": "pkg:pypi/ansible@2.6.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b1pw-nusu-27c4" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-ckt2-us5z-pyef" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-puq1-z5h7-pkdg" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-swpr-3qae-d7fe" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.6.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/7581?format=api", "purl": "pkg:pypi/ansible@2.6.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b1pw-nusu-27c4" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-ckt2-us5z-pyef" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-puq1-z5h7-pkdg" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-swpr-3qae-d7fe" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.6.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/7557?format=api", "purl": "pkg:pypi/ansible@2.7.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-a49n-tvnt-p3df" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b1pw-nusu-27c4" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-ckt2-us5z-pyef" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dagf-buer-4ffr" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-puq1-z5h7-pkdg" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-swpr-3qae-d7fe" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-uhg5-zpzt-e3gz" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/7578?format=api", "purl": "pkg:pypi/ansible@2.7.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-a49n-tvnt-p3df" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b1pw-nusu-27c4" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-ckt2-us5z-pyef" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dagf-buer-4ffr" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-puq1-z5h7-pkdg" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-swpr-3qae-d7fe" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-uhg5-zpzt-e3gz" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/7579?format=api", "purl": "pkg:pypi/ansible@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-7uu9-tj6b-quf6" }, { "vulnerability": "VCID-a49n-tvnt-p3df" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-ckt2-us5z-pyef" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dagf-buer-4ffr" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-nukv-kkws-xkb1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-swpr-3qae-d7fe" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-uhg5-zpzt-e3gz" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.1" } ], "aliases": [ "CVE-2018-16859", "GHSA-v735-2pp6-h86r", "PYSEC-2018-60" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r6bb-p28b-8fcn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5797?format=api", "vulnerability_id": "VCID-rknj-nkgs-wyg2", "summary": "Ansible \"User\" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those credentials in clear text form for every user which have access just to the process list.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3460", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3460" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3461", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3462", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3463", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3463" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3505", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3505" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16837.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16837.json" }, { "reference_url": "https://access.redhat.com/security/cve/cve-2018-16837", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/cve-2018-16837" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16837", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12189", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.1227", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12385", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12429", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.1223", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12309", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.1236", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12367", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12329", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12291", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16837" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16837", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10855" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10875", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10875" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16876", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16876" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3828" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/blob/c963ef1dfbf73efea5106624eb48b346f01eaefd/changelogs/CHANGELOG-v2.7.rst?plain=1#L138", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/blob/c963ef1dfbf73efea5106624eb48b346f01eaefd/changelogs/CHANGELOG-v2.7.rst?plain=1#L138" }, { "reference_url": "https://github.com/ansible/ansible/blob/stable-2.5/changelogs/CHANGELOG-v2.5.rst#v2511", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/blob/stable-2.5/changelogs/CHANGELOG-v2.5.rst#v2511" }, { "reference_url": "https://github.com/ansible/ansible/blob/stable-2.6/changelogs/CHANGELOG-v2.6.rst#v267", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/blob/stable-2.6/changelogs/CHANGELOG-v2.6.rst#v267" }, { "reference_url": "https://github.com/ansible/ansible/blob/stable-2.7/changelogs/CHANGELOG-v2.7.rst#v2-7-1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/blob/stable-2.7/changelogs/CHANGELOG-v2.7.rst#v2-7-1" }, { "reference_url": "https://github.com/ansible/ansible/commit/77928e6c3a2ad878b20312ce5d74d9d7741e0df0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/77928e6c3a2ad878b20312ce5d74d9d7741e0df0" }, { "reference_url": "https://github.com/ansible/ansible/commit/a0aa53d1a1d6075a7ae98ace138712ee6cb45ae4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/a0aa53d1a1d6075a7ae98ace138712ee6cb45ae4" }, { "reference_url": "https://github.com/ansible/ansible/commit/b618339c321c387230d3ea523e80ad47af3de5cf", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/b618339c321c387230d3ea523e80ad47af3de5cf" }, { "reference_url": "https://github.com/ansible/ansible/commit/f50cc0b8cb399bb7b7c1ad23b94c9404f0cc6d23", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/f50cc0b8cb399bb7b7c1ad23b94c9404f0cc6d23" }, { "reference_url": "https://github.com/ansible/ansible/pull/47436", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/47436" }, { "reference_url": "https://github.com/ansible/ansible/pull/47445", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/47445" }, { "reference_url": "https://github.com/ansible/ansible/pull/47486", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/47486" }, { "reference_url": "https://github.com/ansible/ansible/pull/47487", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/47487" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-44.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-44.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00012.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00012.html" }, { "reference_url": "https://usn.ubuntu.com/4072-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4072-1" }, { "reference_url": "https://usn.ubuntu.com/4072-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4072-1/" }, { "reference_url": "https://web.archive.org/web/20200227105539/http://www.securityfocus.com/bid/105700", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200227105539/http://www.securityfocus.com/bid/105700" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4396", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4396" }, { "reference_url": "http://www.securityfocus.com/bid/105700", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/105700" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1640642", "reference_id": "1640642", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1640642" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912297", "reference_id": "912297", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912297" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16837", "reference_id": "CVE-2018-16837", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16837" }, { "reference_url": "https://github.com/advisories/GHSA-hwrm-63v2-42g4", "reference_id": "GHSA-hwrm-63v2-42g4", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hwrm-63v2-42g4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4288?format=api", "purl": "pkg:pypi/ansible@2.0.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fetz-42jf-nqe8" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hfxe-jjf5-nqd1" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jhxm-379u-subt" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-puq1-z5h7-pkdg" }, { "vulnerability": "VCID-q4q1-aueh-sub2" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-rknj-nkgs-wyg2" }, { "vulnerability": "VCID-s1r4-29kw-5kbg" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-wqm7-2ajr-6ue8" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yc8n-wxb4-1uaz" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zmr4-652z-r3dm" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.0.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/7404?format=api", "purl": "pkg:pypi/ansible@2.5.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b1pw-nusu-27c4" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-puq1-z5h7-pkdg" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.5.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/7403?format=api", "purl": "pkg:pypi/ansible@2.6.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b1pw-nusu-27c4" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-ckt2-us5z-pyef" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-puq1-z5h7-pkdg" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-swpr-3qae-d7fe" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.6.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/7402?format=api", "purl": "pkg:pypi/ansible@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-a49n-tvnt-p3df" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b1pw-nusu-27c4" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-ckt2-us5z-pyef" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dagf-buer-4ffr" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-puq1-z5h7-pkdg" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-swpr-3qae-d7fe" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-uhg5-zpzt-e3gz" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.1" } ], "aliases": [ "CVE-2018-16837", "GHSA-hwrm-63v2-42g4", "PYSEC-2018-44" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rknj-nkgs-wyg2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5745?format=api", "vulnerability_id": "VCID-wqm7-2ajr-6ue8", "summary": "In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHBA-2018:3788", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHBA-2018:3788" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2150", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2150" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2151", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2151" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2152", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2166", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2166" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2321", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2321" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2585", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2585" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0054", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:0054" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10874.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10874.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2018-10874", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2018-10874" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10874", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14437", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14239", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14348", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14404", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14441", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14492", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14354", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14546", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14476", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14406", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10874" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596528", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596528" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10874", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10874" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/commit/10d6fe6c98cfee9a7be0fea6102ba5dec951aec7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/10d6fe6c98cfee9a7be0fea6102ba5dec951aec7" }, { "reference_url": "https://github.com/ansible/ansible/commit/1f80949f964a946773f9d3ac1899535bd2cc2b8e", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/1f80949f964a946773f9d3ac1899535bd2cc2b8e" }, { "reference_url": "https://github.com/ansible/ansible/commit/44874addc7ea136f83c67d5869047ece02645fdb", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/44874addc7ea136f83c67d5869047ece02645fdb" }, { "reference_url": "https://github.com/ansible/ansible/pull/42067", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/42067" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-81.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-81.yaml" }, { "reference_url": "https://usn.ubuntu.com/4072-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4072-1" }, { "reference_url": "https://usn.ubuntu.com/4072-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4072-1/" }, { "reference_url": "https://web.archive.org/web/20201130165946/http://www.securitytracker.com/id/1041396", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201130165946/http://www.securitytracker.com/id/1041396" }, { "reference_url": "http://www.securitytracker.com/id/1041396", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1041396" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible_engine:2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:2.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible_engine:2.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:2.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:2.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible_engine:2.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:2.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:2.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible_engine:2.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:2.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10874", "reference_id": "CVE-2018-10874", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10874" }, { "reference_url": "https://github.com/advisories/GHSA-3xvg-x47j-x75w", "reference_id": "GHSA-3xvg-x47j-x75w", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3xvg-x47j-x75w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4288?format=api", "purl": "pkg:pypi/ansible@2.0.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fetz-42jf-nqe8" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hfxe-jjf5-nqd1" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jhxm-379u-subt" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-puq1-z5h7-pkdg" }, { "vulnerability": "VCID-q4q1-aueh-sub2" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-rknj-nkgs-wyg2" }, { "vulnerability": "VCID-s1r4-29kw-5kbg" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-wqm7-2ajr-6ue8" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yc8n-wxb4-1uaz" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zmr4-652z-r3dm" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.0.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/6632?format=api", "purl": "pkg:pypi/ansible@2.4.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-puq1-z5h7-pkdg" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-rknj-nkgs-wyg2" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-y91x-2rch-pkar" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/6633?format=api", "purl": "pkg:pypi/ansible@2.5.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b1pw-nusu-27c4" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-puq1-z5h7-pkdg" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-rknj-nkgs-wyg2" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-y91x-2rch-pkar" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.5.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/6634?format=api", "purl": "pkg:pypi/ansible@2.6.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b1pw-nusu-27c4" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-ckt2-us5z-pyef" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-puq1-z5h7-pkdg" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-rknj-nkgs-wyg2" }, { "vulnerability": "VCID-swpr-3qae-d7fe" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.6.1" } ], "aliases": [ "CVE-2018-10874", "GHSA-3xvg-x47j-x75w", "PYSEC-2018-81" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wqm7-2ajr-6ue8" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@0" }