Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/ansible@2.8.5
Typepypi
Namespace
Nameansible
Version2.8.5
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.0.0
Latest_non_vulnerable_version12.0.0
Affected_by_vulnerabilities
0
url VCID-1sty-hqbq-63hy
vulnerability_id VCID-1sty-hqbq-63hy
summary In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html
2
reference_url https://access.redhat.com/errata/RHSA-2019:3201
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3201
3
reference_url https://access.redhat.com/errata/RHSA-2019:3202
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3202
4
reference_url https://access.redhat.com/errata/RHSA-2019:3203
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3203
5
reference_url https://access.redhat.com/errata/RHSA-2019:3207
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3207
6
reference_url https://access.redhat.com/errata/RHSA-2020:0756
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0756
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14846
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14846
8
reference_url https://github.com/ansible/ansible/pull/63366
reference_id
reference_type
scores
url https://github.com/ansible/ansible/pull/63366
9
reference_url https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html
10
reference_url https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html
fixed_packages
0
url pkg:pypi/ansible@2.8.6
purl pkg:pypi/ansible@2.8.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2z4k-r21v-rfgx
1
vulnerability VCID-5t77-f231-6ffg
2
vulnerability VCID-78m2-3fj5-tbh1
3
vulnerability VCID-7ben-361w-tkdr
4
vulnerability VCID-7qnx-1gp2-v7bb
5
vulnerability VCID-833d-up6b-rfe1
6
vulnerability VCID-8u2v-jtqe-dqg3
7
vulnerability VCID-am9g-ba4h-sfhr
8
vulnerability VCID-cuq1-se5h-vygd
9
vulnerability VCID-cxts-25nq-4fcs
10
vulnerability VCID-dkds-s3ad-cufa
11
vulnerability VCID-ec6s-8f24-9bh7
12
vulnerability VCID-etb4-2qch-6kgw
13
vulnerability VCID-gm99-68bj-c3cz
14
vulnerability VCID-gxw4-ydnj-fkfe
15
vulnerability VCID-hjc4-jcfm-7be5
16
vulnerability VCID-hq4d-92s2-vqg6
17
vulnerability VCID-hs3w-mah1-ckb5
18
vulnerability VCID-mbj9-3bnb-wbda
19
vulnerability VCID-p4p5-29r5-8qh9
20
vulnerability VCID-pqj1-u787-g3aj
21
vulnerability VCID-qztj-r7zc-jue3
22
vulnerability VCID-subj-aje2-93bk
23
vulnerability VCID-vhxq-1hqq-77bx
24
vulnerability VCID-vsv2-4d8c-m3g1
25
vulnerability VCID-w2n8-uxbb-k7f9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.6
aliases CVE-2019-14846, PYSEC-2019-4
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1sty-hqbq-63hy
1
url VCID-2z4k-r21v-rfgx
vulnerability_id VCID-2z4k-r21v-rfgx
summary A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This could lead to the disclosure of sensitive data. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1736
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1736
1
reference_url https://github.com/advisories/GHSA-x7jh-595q-wq82
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-x7jh-595q-wq82
2
reference_url https://github.com/ansible/ansible
reference_id
reference_type
scores
url https://github.com/ansible/ansible
3
reference_url https://github.com/ansible/ansible/issues/67794
reference_id
reference_type
scores
url https://github.com/ansible/ansible/issues/67794
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-8.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-8.yaml
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD/
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7/
9
reference_url https://security.gentoo.org/glsa/202006-11
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202006-11
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1736
reference_id CVE-2020-1736
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-1736
fixed_packages
0
url pkg:pypi/ansible@2.8.9
purl pkg:pypi/ansible@2.8.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5t77-f231-6ffg
1
vulnerability VCID-78m2-3fj5-tbh1
2
vulnerability VCID-833d-up6b-rfe1
3
vulnerability VCID-8u2v-jtqe-dqg3
4
vulnerability VCID-am9g-ba4h-sfhr
5
vulnerability VCID-cuq1-se5h-vygd
6
vulnerability VCID-dkds-s3ad-cufa
7
vulnerability VCID-ec6s-8f24-9bh7
8
vulnerability VCID-gm99-68bj-c3cz
9
vulnerability VCID-hjc4-jcfm-7be5
10
vulnerability VCID-hs3w-mah1-ckb5
11
vulnerability VCID-p4p5-29r5-8qh9
12
vulnerability VCID-pqj1-u787-g3aj
13
vulnerability VCID-vhxq-1hqq-77bx
14
vulnerability VCID-w2n8-uxbb-k7f9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9
1
url pkg:pypi/ansible@2.9.6
purl pkg:pypi/ansible@2.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5t77-f231-6ffg
1
vulnerability VCID-78m2-3fj5-tbh1
2
vulnerability VCID-8u2v-jtqe-dqg3
3
vulnerability VCID-am9g-ba4h-sfhr
4
vulnerability VCID-cuq1-se5h-vygd
5
vulnerability VCID-dkds-s3ad-cufa
6
vulnerability VCID-ec6s-8f24-9bh7
7
vulnerability VCID-gm99-68bj-c3cz
8
vulnerability VCID-hjc4-jcfm-7be5
9
vulnerability VCID-hs3w-mah1-ckb5
10
vulnerability VCID-p4p5-29r5-8qh9
11
vulnerability VCID-pqj1-u787-g3aj
12
vulnerability VCID-ptg6-bwz8-pud8
13
vulnerability VCID-vhxq-1hqq-77bx
14
vulnerability VCID-w2n8-uxbb-k7f9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6
aliases CVE-2020-1736, GHSA-x7jh-595q-wq82, PYSEC-2020-8
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2z4k-r21v-rfgx
2
url VCID-5t77-f231-6ffg
vulnerability_id VCID-5t77-f231-6ffg
summary A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code executed via package installation scripts. The highest threat from this vulnerability is to integrity and system availability.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1869154
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1869154
1
reference_url https://github.com/advisories/GHSA-m429-fhmv-c6q2
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-m429-fhmv-c6q2
fixed_packages
0
url pkg:pypi/ansible@2.8.16rc1
purl pkg:pypi/ansible@2.8.16rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-833d-up6b-rfe1
1
vulnerability VCID-8u2v-jtqe-dqg3
2
vulnerability VCID-am9g-ba4h-sfhr
3
vulnerability VCID-dkds-s3ad-cufa
4
vulnerability VCID-gm99-68bj-c3cz
5
vulnerability VCID-hjc4-jcfm-7be5
6
vulnerability VCID-p4p5-29r5-8qh9
7
vulnerability VCID-pqj1-u787-g3aj
8
vulnerability VCID-vhxq-1hqq-77bx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.16rc1
1
url pkg:pypi/ansible@2.9.14rc1
purl pkg:pypi/ansible@2.9.14rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8u2v-jtqe-dqg3
1
vulnerability VCID-am9g-ba4h-sfhr
2
vulnerability VCID-dkds-s3ad-cufa
3
vulnerability VCID-gm99-68bj-c3cz
4
vulnerability VCID-hjc4-jcfm-7be5
5
vulnerability VCID-p4p5-29r5-8qh9
6
vulnerability VCID-pqj1-u787-g3aj
7
vulnerability VCID-vhxq-1hqq-77bx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.14rc1
aliases CVE-2020-14365, GHSA-m429-fhmv-c6q2, PYSEC-2020-209
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5t77-f231-6ffg
3
url VCID-78m2-3fj5-tbh1
vulnerability_id VCID-78m2-3fj5-tbh1
summary A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1746
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1746
1
reference_url https://github.com/advisories/GHSA-j2h6-73x8-22c4
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-j2h6-73x8-22c4
2
reference_url https://github.com/ansible/ansible/pull/67866
reference_id
reference_type
scores
url https://github.com/ansible/ansible/pull/67866
fixed_packages
0
url pkg:pypi/ansible@2.8.11
purl pkg:pypi/ansible@2.8.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5t77-f231-6ffg
1
vulnerability VCID-833d-up6b-rfe1
2
vulnerability VCID-8u2v-jtqe-dqg3
3
vulnerability VCID-am9g-ba4h-sfhr
4
vulnerability VCID-dkds-s3ad-cufa
5
vulnerability VCID-ec6s-8f24-9bh7
6
vulnerability VCID-gm99-68bj-c3cz
7
vulnerability VCID-hjc4-jcfm-7be5
8
vulnerability VCID-hs3w-mah1-ckb5
9
vulnerability VCID-p4p5-29r5-8qh9
10
vulnerability VCID-pqj1-u787-g3aj
11
vulnerability VCID-vhxq-1hqq-77bx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.11
1
url pkg:pypi/ansible@2.9.7
purl pkg:pypi/ansible@2.9.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5t77-f231-6ffg
1
vulnerability VCID-8u2v-jtqe-dqg3
2
vulnerability VCID-am9g-ba4h-sfhr
3
vulnerability VCID-dkds-s3ad-cufa
4
vulnerability VCID-ec6s-8f24-9bh7
5
vulnerability VCID-gm99-68bj-c3cz
6
vulnerability VCID-hjc4-jcfm-7be5
7
vulnerability VCID-hs3w-mah1-ckb5
8
vulnerability VCID-p4p5-29r5-8qh9
9
vulnerability VCID-pqj1-u787-g3aj
10
vulnerability VCID-vhxq-1hqq-77bx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.7
aliases CVE-2020-1746, GHSA-j2h6-73x8-22c4, PYSEC-2020-13
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-78m2-3fj5-tbh1
4
url VCID-7ben-361w-tkdr
vulnerability_id VCID-7ben-361w-tkdr
summary Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14864
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14864
3
reference_url https://github.com/advisories/GHSA-3m93-m4q6-mc6v
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-3m93-m4q6-mc6v
4
reference_url https://github.com/ansible/ansible/issues/63522
reference_id
reference_type
scores
url https://github.com/ansible/ansible/issues/63522
5
reference_url https://github.com/ansible/ansible/pull/63527
reference_id
reference_type
scores
url https://github.com/ansible/ansible/pull/63527
fixed_packages
0
url pkg:pypi/ansible@2.8.7
purl pkg:pypi/ansible@2.8.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2z4k-r21v-rfgx
1
vulnerability VCID-5t77-f231-6ffg
2
vulnerability VCID-78m2-3fj5-tbh1
3
vulnerability VCID-7qnx-1gp2-v7bb
4
vulnerability VCID-833d-up6b-rfe1
5
vulnerability VCID-8u2v-jtqe-dqg3
6
vulnerability VCID-am9g-ba4h-sfhr
7
vulnerability VCID-cuq1-se5h-vygd
8
vulnerability VCID-cxts-25nq-4fcs
9
vulnerability VCID-dkds-s3ad-cufa
10
vulnerability VCID-ec6s-8f24-9bh7
11
vulnerability VCID-etb4-2qch-6kgw
12
vulnerability VCID-gm99-68bj-c3cz
13
vulnerability VCID-gxw4-ydnj-fkfe
14
vulnerability VCID-hjc4-jcfm-7be5
15
vulnerability VCID-hq4d-92s2-vqg6
16
vulnerability VCID-hs3w-mah1-ckb5
17
vulnerability VCID-mbj9-3bnb-wbda
18
vulnerability VCID-p4p5-29r5-8qh9
19
vulnerability VCID-pqj1-u787-g3aj
20
vulnerability VCID-qztj-r7zc-jue3
21
vulnerability VCID-subj-aje2-93bk
22
vulnerability VCID-vhxq-1hqq-77bx
23
vulnerability VCID-w2n8-uxbb-k7f9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.7
1
url pkg:pypi/ansible@2.9.1
purl pkg:pypi/ansible@2.9.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2z4k-r21v-rfgx
1
vulnerability VCID-5t77-f231-6ffg
2
vulnerability VCID-78m2-3fj5-tbh1
3
vulnerability VCID-7qnx-1gp2-v7bb
4
vulnerability VCID-833d-up6b-rfe1
5
vulnerability VCID-8u2v-jtqe-dqg3
6
vulnerability VCID-am9g-ba4h-sfhr
7
vulnerability VCID-cuq1-se5h-vygd
8
vulnerability VCID-cxts-25nq-4fcs
9
vulnerability VCID-dkds-s3ad-cufa
10
vulnerability VCID-ec6s-8f24-9bh7
11
vulnerability VCID-etb4-2qch-6kgw
12
vulnerability VCID-gm99-68bj-c3cz
13
vulnerability VCID-gxw4-ydnj-fkfe
14
vulnerability VCID-hjc4-jcfm-7be5
15
vulnerability VCID-hq4d-92s2-vqg6
16
vulnerability VCID-hs3w-mah1-ckb5
17
vulnerability VCID-mbj9-3bnb-wbda
18
vulnerability VCID-p4p5-29r5-8qh9
19
vulnerability VCID-pqj1-u787-g3aj
20
vulnerability VCID-ptg6-bwz8-pud8
21
vulnerability VCID-qztj-r7zc-jue3
22
vulnerability VCID-subj-aje2-93bk
23
vulnerability VCID-vhxq-1hqq-77bx
24
vulnerability VCID-vsv2-4d8c-m3g1
25
vulnerability VCID-w2n8-uxbb-k7f9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.1
aliases CVE-2019-14864, GHSA-3m93-m4q6-mc6v, PYSEC-2020-160
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7ben-361w-tkdr
5
url VCID-7qnx-1gp2-v7bb
vulnerability_id VCID-7qnx-1gp2-v7bb
summary A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1735
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1735
1
reference_url https://github.com/advisories/GHSA-gfr2-qpxh-qj9m
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-gfr2-qpxh-qj9m
2
reference_url https://github.com/ansible/ansible/issues/67793
reference_id
reference_type
scores
url https://github.com/ansible/ansible/issues/67793
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/
6
reference_url https://security.gentoo.org/glsa/202006-11
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202006-11
fixed_packages
0
url pkg:pypi/ansible@2.8.9
purl pkg:pypi/ansible@2.8.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5t77-f231-6ffg
1
vulnerability VCID-78m2-3fj5-tbh1
2
vulnerability VCID-833d-up6b-rfe1
3
vulnerability VCID-8u2v-jtqe-dqg3
4
vulnerability VCID-am9g-ba4h-sfhr
5
vulnerability VCID-cuq1-se5h-vygd
6
vulnerability VCID-dkds-s3ad-cufa
7
vulnerability VCID-ec6s-8f24-9bh7
8
vulnerability VCID-gm99-68bj-c3cz
9
vulnerability VCID-hjc4-jcfm-7be5
10
vulnerability VCID-hs3w-mah1-ckb5
11
vulnerability VCID-p4p5-29r5-8qh9
12
vulnerability VCID-pqj1-u787-g3aj
13
vulnerability VCID-vhxq-1hqq-77bx
14
vulnerability VCID-w2n8-uxbb-k7f9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9
1
url pkg:pypi/ansible@2.9.6
purl pkg:pypi/ansible@2.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5t77-f231-6ffg
1
vulnerability VCID-78m2-3fj5-tbh1
2
vulnerability VCID-8u2v-jtqe-dqg3
3
vulnerability VCID-am9g-ba4h-sfhr
4
vulnerability VCID-cuq1-se5h-vygd
5
vulnerability VCID-dkds-s3ad-cufa
6
vulnerability VCID-ec6s-8f24-9bh7
7
vulnerability VCID-gm99-68bj-c3cz
8
vulnerability VCID-hjc4-jcfm-7be5
9
vulnerability VCID-hs3w-mah1-ckb5
10
vulnerability VCID-p4p5-29r5-8qh9
11
vulnerability VCID-pqj1-u787-g3aj
12
vulnerability VCID-ptg6-bwz8-pud8
13
vulnerability VCID-vhxq-1hqq-77bx
14
vulnerability VCID-w2n8-uxbb-k7f9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6
aliases CVE-2020-1735, GHSA-gfr2-qpxh-qj9m, PYSEC-2020-7
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7qnx-1gp2-v7bb
6
url VCID-833d-up6b-rfe1
vulnerability_id VCID-833d-up6b-rfe1
summary A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords are exposed at once for the file. This flaw affects Ansible Engine versions before 2.9.6.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1831089
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1831089
1
reference_url https://github.com/advisories/GHSA-r6h7-5pq2-j77h
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-r6h7-5pq2-j77h
2
reference_url https://github.com/ansible/ansible/issues/34144
reference_id
reference_type
scores
url https://github.com/ansible/ansible/issues/34144
fixed_packages
0
url pkg:pypi/ansible@2.9.6
purl pkg:pypi/ansible@2.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5t77-f231-6ffg
1
vulnerability VCID-78m2-3fj5-tbh1
2
vulnerability VCID-8u2v-jtqe-dqg3
3
vulnerability VCID-am9g-ba4h-sfhr
4
vulnerability VCID-cuq1-se5h-vygd
5
vulnerability VCID-dkds-s3ad-cufa
6
vulnerability VCID-ec6s-8f24-9bh7
7
vulnerability VCID-gm99-68bj-c3cz
8
vulnerability VCID-hjc4-jcfm-7be5
9
vulnerability VCID-hs3w-mah1-ckb5
10
vulnerability VCID-p4p5-29r5-8qh9
11
vulnerability VCID-pqj1-u787-g3aj
12
vulnerability VCID-ptg6-bwz8-pud8
13
vulnerability VCID-vhxq-1hqq-77bx
14
vulnerability VCID-w2n8-uxbb-k7f9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6
aliases CVE-2020-10729, GHSA-r6h7-5pq2-j77h, PYSEC-2021-105
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-833d-up6b-rfe1
7
url VCID-8u2v-jtqe-dqg3
vulnerability_id VCID-8u2v-jtqe-dqg3
summary A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1925002
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1925002
1
reference_url https://github.com/advisories/GHSA-5rrg-rr89-x9mv
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-5rrg-rr89-x9mv
2
reference_url https://github.com/ansible/ansible/pull/73487
reference_id
reference_type
scores
url https://github.com/ansible/ansible/pull/73487
fixed_packages
0
url pkg:pypi/ansible@2.9.19
purl pkg:pypi/ansible@2.9.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-am9g-ba4h-sfhr
1
vulnerability VCID-dkds-s3ad-cufa
2
vulnerability VCID-gm99-68bj-c3cz
3
vulnerability VCID-hjc4-jcfm-7be5
4
vulnerability VCID-vhxq-1hqq-77bx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.19
aliases CVE-2021-20228, GHSA-5rrg-rr89-x9mv, PYSEC-2021-1
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8u2v-jtqe-dqg3
8
url VCID-am9g-ba4h-sfhr
vulnerability_id VCID-am9g-ba4h-sfhr
summary A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. This issue affects directly data confidentiality.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25635
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25635
1
reference_url https://github.com/ansible/ansible
reference_id
reference_type
scores
url https://github.com/ansible/ansible
2
reference_url https://github.com/ansible-collections/community.aws/issues/222
reference_id
reference_type
scores
url https://github.com/ansible-collections/community.aws/issues/222
3
reference_url https://github.com/ansible-collections/community.aws/pull/237#issuecomment-1468591094
reference_id
reference_type
scores
url https://github.com/ansible-collections/community.aws/pull/237#issuecomment-1468591094
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-220.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-220.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-25635
reference_id CVE-2020-25635
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-25635
6
reference_url https://github.com/advisories/GHSA-f556-49jc-4rvc
reference_id GHSA-f556-49jc-4rvc
reference_type
scores
url https://github.com/advisories/GHSA-f556-49jc-4rvc
fixed_packages
0
url pkg:pypi/ansible@2.10.1
purl pkg:pypi/ansible@2.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hjc4-jcfm-7be5
1
vulnerability VCID-p4p5-29r5-8qh9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.1
aliases CVE-2020-25635, GHSA-f556-49jc-4rvc, PYSEC-2020-220
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-am9g-ba4h-sfhr
9
url VCID-cuq1-se5h-vygd
vulnerability_id VCID-cuq1-se5h-vygd
summary A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. Sensitive parameters such as passwords and tokens are passed to kubectl from the command line, not using an environment variable or an input configuration file. This will disclose passwords and tokens from process list and no_log directive from debug module would not have any effect making these secrets being disclosed on stdout and log files.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1753
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1753
1
reference_url https://github.com/advisories/GHSA-86hp-cj9j-33vv
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-86hp-cj9j-33vv
2
reference_url https://github.com/ansible-collections/kubernetes/pull/51
reference_id
reference_type
scores
url https://github.com/ansible-collections/kubernetes/pull/51
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/
6
reference_url https://security.gentoo.org/glsa/202006-11
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202006-11
fixed_packages
0
url pkg:pypi/ansible@2.8.11
purl pkg:pypi/ansible@2.8.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5t77-f231-6ffg
1
vulnerability VCID-833d-up6b-rfe1
2
vulnerability VCID-8u2v-jtqe-dqg3
3
vulnerability VCID-am9g-ba4h-sfhr
4
vulnerability VCID-dkds-s3ad-cufa
5
vulnerability VCID-ec6s-8f24-9bh7
6
vulnerability VCID-gm99-68bj-c3cz
7
vulnerability VCID-hjc4-jcfm-7be5
8
vulnerability VCID-hs3w-mah1-ckb5
9
vulnerability VCID-p4p5-29r5-8qh9
10
vulnerability VCID-pqj1-u787-g3aj
11
vulnerability VCID-vhxq-1hqq-77bx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.11
1
url pkg:pypi/ansible@2.9.7
purl pkg:pypi/ansible@2.9.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5t77-f231-6ffg
1
vulnerability VCID-8u2v-jtqe-dqg3
2
vulnerability VCID-am9g-ba4h-sfhr
3
vulnerability VCID-dkds-s3ad-cufa
4
vulnerability VCID-ec6s-8f24-9bh7
5
vulnerability VCID-gm99-68bj-c3cz
6
vulnerability VCID-hjc4-jcfm-7be5
7
vulnerability VCID-hs3w-mah1-ckb5
8
vulnerability VCID-p4p5-29r5-8qh9
9
vulnerability VCID-pqj1-u787-g3aj
10
vulnerability VCID-vhxq-1hqq-77bx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.7
aliases CVE-2020-1753, GHSA-86hp-cj9j-33vv, PYSEC-2020-210
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cuq1-se5h-vygd
10
url VCID-cxts-25nq-4fcs
vulnerability_id VCID-cxts-25nq-4fcs
summary A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1740
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1740
1
reference_url https://github.com/advisories/GHSA-vcg8-98q8-g7mj
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-vcg8-98q8-g7mj
2
reference_url https://github.com/ansible/ansible/issues/67798
reference_id
reference_type
scores
url https://github.com/ansible/ansible/issues/67798
3
reference_url https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/
7
reference_url https://security.gentoo.org/glsa/202006-11
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202006-11
fixed_packages
0
url pkg:pypi/ansible@2.8.9
purl pkg:pypi/ansible@2.8.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5t77-f231-6ffg
1
vulnerability VCID-78m2-3fj5-tbh1
2
vulnerability VCID-833d-up6b-rfe1
3
vulnerability VCID-8u2v-jtqe-dqg3
4
vulnerability VCID-am9g-ba4h-sfhr
5
vulnerability VCID-cuq1-se5h-vygd
6
vulnerability VCID-dkds-s3ad-cufa
7
vulnerability VCID-ec6s-8f24-9bh7
8
vulnerability VCID-gm99-68bj-c3cz
9
vulnerability VCID-hjc4-jcfm-7be5
10
vulnerability VCID-hs3w-mah1-ckb5
11
vulnerability VCID-p4p5-29r5-8qh9
12
vulnerability VCID-pqj1-u787-g3aj
13
vulnerability VCID-vhxq-1hqq-77bx
14
vulnerability VCID-w2n8-uxbb-k7f9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9
1
url pkg:pypi/ansible@2.9.6
purl pkg:pypi/ansible@2.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5t77-f231-6ffg
1
vulnerability VCID-78m2-3fj5-tbh1
2
vulnerability VCID-8u2v-jtqe-dqg3
3
vulnerability VCID-am9g-ba4h-sfhr
4
vulnerability VCID-cuq1-se5h-vygd
5
vulnerability VCID-dkds-s3ad-cufa
6
vulnerability VCID-ec6s-8f24-9bh7
7
vulnerability VCID-gm99-68bj-c3cz
8
vulnerability VCID-hjc4-jcfm-7be5
9
vulnerability VCID-hs3w-mah1-ckb5
10
vulnerability VCID-p4p5-29r5-8qh9
11
vulnerability VCID-pqj1-u787-g3aj
12
vulnerability VCID-ptg6-bwz8-pud8
13
vulnerability VCID-vhxq-1hqq-77bx
14
vulnerability VCID-w2n8-uxbb-k7f9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6
aliases CVE-2020-1740, GHSA-vcg8-98q8-g7mj, PYSEC-2020-12
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cxts-25nq-4fcs
11
url VCID-dkds-s3ad-cufa
vulnerability_id VCID-dkds-s3ad-cufa
summary information disclosure
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1975767
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1975767
1
reference_url https://github.com/advisories/GHSA-4r65-35qq-ch8j
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-4r65-35qq-ch8j
2
reference_url https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes
reference_id
reference_type
scores
url https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes
3
reference_url https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0
reference_id
reference_type
scores
url https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0
4
reference_url https://security.archlinux.org/AVG-1941
reference_id AVG-1941
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1941
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3620
reference_id CVE-2021-3620
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-3620
fixed_packages
0
url pkg:pypi/ansible@2.9.27
purl pkg:pypi/ansible@2.9.27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-am9g-ba4h-sfhr
1
vulnerability VCID-hjc4-jcfm-7be5
2
vulnerability VCID-vhxq-1hqq-77bx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.27
aliases CVE-2021-3620, GHSA-4r65-35qq-ch8j, PYSEC-2022-164
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dkds-s3ad-cufa
12
url VCID-ec6s-8f24-9bh7
vulnerability_id VCID-ec6s-8f24-9bh7
summary A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14332
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14332
1
reference_url https://github.com/advisories/GHSA-j667-c2hm-f2wp
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-j667-c2hm-f2wp
2
reference_url https://github.com/ansible/ansible/pull/71033
reference_id
reference_type
scores
url https://github.com/ansible/ansible/pull/71033
fixed_packages
0
url pkg:pypi/ansible@2.8.14
purl pkg:pypi/ansible@2.8.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5t77-f231-6ffg
1
vulnerability VCID-833d-up6b-rfe1
2
vulnerability VCID-8u2v-jtqe-dqg3
3
vulnerability VCID-am9g-ba4h-sfhr
4
vulnerability VCID-dkds-s3ad-cufa
5
vulnerability VCID-gm99-68bj-c3cz
6
vulnerability VCID-hjc4-jcfm-7be5
7
vulnerability VCID-p4p5-29r5-8qh9
8
vulnerability VCID-pqj1-u787-g3aj
9
vulnerability VCID-vhxq-1hqq-77bx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.14
1
url pkg:pypi/ansible@2.9.12
purl pkg:pypi/ansible@2.9.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5t77-f231-6ffg
1
vulnerability VCID-8u2v-jtqe-dqg3
2
vulnerability VCID-am9g-ba4h-sfhr
3
vulnerability VCID-dkds-s3ad-cufa
4
vulnerability VCID-gm99-68bj-c3cz
5
vulnerability VCID-hjc4-jcfm-7be5
6
vulnerability VCID-p4p5-29r5-8qh9
7
vulnerability VCID-pqj1-u787-g3aj
8
vulnerability VCID-vhxq-1hqq-77bx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.12
aliases CVE-2020-14332, GHSA-j667-c2hm-f2wp, PYSEC-2020-4
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ec6s-8f24-9bh7
13
url VCID-etb4-2qch-6kgw
vulnerability_id VCID-etb4-2qch-6kgw
summary A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker could take advantage of this by altering the ansible_facts, such as ansible_hosts, users and any other key data which would lead into privilege escalation or code injection.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10684
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10684
1
reference_url https://github.com/advisories/GHSA-p62g-jhg6-v3rq
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-p62g-jhg6-v3rq
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/
5
reference_url https://security.gentoo.org/glsa/202006-11
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202006-11
fixed_packages
0
url pkg:pypi/ansible@2.8.9
purl pkg:pypi/ansible@2.8.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5t77-f231-6ffg
1
vulnerability VCID-78m2-3fj5-tbh1
2
vulnerability VCID-833d-up6b-rfe1
3
vulnerability VCID-8u2v-jtqe-dqg3
4
vulnerability VCID-am9g-ba4h-sfhr
5
vulnerability VCID-cuq1-se5h-vygd
6
vulnerability VCID-dkds-s3ad-cufa
7
vulnerability VCID-ec6s-8f24-9bh7
8
vulnerability VCID-gm99-68bj-c3cz
9
vulnerability VCID-hjc4-jcfm-7be5
10
vulnerability VCID-hs3w-mah1-ckb5
11
vulnerability VCID-p4p5-29r5-8qh9
12
vulnerability VCID-pqj1-u787-g3aj
13
vulnerability VCID-vhxq-1hqq-77bx
14
vulnerability VCID-w2n8-uxbb-k7f9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9
1
url pkg:pypi/ansible@2.9.6
purl pkg:pypi/ansible@2.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5t77-f231-6ffg
1
vulnerability VCID-78m2-3fj5-tbh1
2
vulnerability VCID-8u2v-jtqe-dqg3
3
vulnerability VCID-am9g-ba4h-sfhr
4
vulnerability VCID-cuq1-se5h-vygd
5
vulnerability VCID-dkds-s3ad-cufa
6
vulnerability VCID-ec6s-8f24-9bh7
7
vulnerability VCID-gm99-68bj-c3cz
8
vulnerability VCID-hjc4-jcfm-7be5
9
vulnerability VCID-hs3w-mah1-ckb5
10
vulnerability VCID-p4p5-29r5-8qh9
11
vulnerability VCID-pqj1-u787-g3aj
12
vulnerability VCID-ptg6-bwz8-pud8
13
vulnerability VCID-vhxq-1hqq-77bx
14
vulnerability VCID-w2n8-uxbb-k7f9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6
aliases CVE-2020-10684, GHSA-p62g-jhg6-v3rq, PYSEC-2020-207
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-etb4-2qch-6kgw
14
url VCID-frk2-9jfm-cybm
vulnerability_id VCID-frk2-9jfm-cybm
summary ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html
2
reference_url https://access.redhat.com/errata/RHSA-2020:0756
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0756
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14856
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14856
fixed_packages
0
url pkg:pypi/ansible@2.8.6
purl pkg:pypi/ansible@2.8.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2z4k-r21v-rfgx
1
vulnerability VCID-5t77-f231-6ffg
2
vulnerability VCID-78m2-3fj5-tbh1
3
vulnerability VCID-7ben-361w-tkdr
4
vulnerability VCID-7qnx-1gp2-v7bb
5
vulnerability VCID-833d-up6b-rfe1
6
vulnerability VCID-8u2v-jtqe-dqg3
7
vulnerability VCID-am9g-ba4h-sfhr
8
vulnerability VCID-cuq1-se5h-vygd
9
vulnerability VCID-cxts-25nq-4fcs
10
vulnerability VCID-dkds-s3ad-cufa
11
vulnerability VCID-ec6s-8f24-9bh7
12
vulnerability VCID-etb4-2qch-6kgw
13
vulnerability VCID-gm99-68bj-c3cz
14
vulnerability VCID-gxw4-ydnj-fkfe
15
vulnerability VCID-hjc4-jcfm-7be5
16
vulnerability VCID-hq4d-92s2-vqg6
17
vulnerability VCID-hs3w-mah1-ckb5
18
vulnerability VCID-mbj9-3bnb-wbda
19
vulnerability VCID-p4p5-29r5-8qh9
20
vulnerability VCID-pqj1-u787-g3aj
21
vulnerability VCID-qztj-r7zc-jue3
22
vulnerability VCID-subj-aje2-93bk
23
vulnerability VCID-vhxq-1hqq-77bx
24
vulnerability VCID-vsv2-4d8c-m3g1
25
vulnerability VCID-w2n8-uxbb-k7f9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.6
aliases CVE-2019-14856, PYSEC-2019-146
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-frk2-9jfm-cybm
15
url VCID-gm99-68bj-c3cz
vulnerability_id VCID-gm99-68bj-c3cz
summary arbitrary command execution
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1968412
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1968412
1
reference_url https://github.com/advisories/GHSA-2pfh-q76x-gwvm
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-2pfh-q76x-gwvm
2
reference_url https://security.archlinux.org/AVG-2260
reference_id AVG-2260
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2260
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3583
reference_id CVE-2021-3583
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-3583
fixed_packages
0
url pkg:pypi/ansible@2.9.23
purl pkg:pypi/ansible@2.9.23
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-am9g-ba4h-sfhr
1
vulnerability VCID-dkds-s3ad-cufa
2
vulnerability VCID-hjc4-jcfm-7be5
3
vulnerability VCID-vhxq-1hqq-77bx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.23
aliases CVE-2021-3583, GHSA-2pfh-q76x-gwvm, PYSEC-2021-358
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gm99-68bj-c3cz
16
url VCID-gxw4-ydnj-fkfe
vulnerability_id VCID-gxw4-ydnj-fkfe
summary A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1739
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1739
1
reference_url https://github.com/advisories/GHSA-923p-fr2c-g5m2
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-923p-fr2c-g5m2
2
reference_url https://github.com/ansible/ansible/issues/67797
reference_id
reference_type
scores
url https://github.com/ansible/ansible/issues/67797
3
reference_url https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/
fixed_packages
0
url pkg:pypi/ansible@2.8.9
purl pkg:pypi/ansible@2.8.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5t77-f231-6ffg
1
vulnerability VCID-78m2-3fj5-tbh1
2
vulnerability VCID-833d-up6b-rfe1
3
vulnerability VCID-8u2v-jtqe-dqg3
4
vulnerability VCID-am9g-ba4h-sfhr
5
vulnerability VCID-cuq1-se5h-vygd
6
vulnerability VCID-dkds-s3ad-cufa
7
vulnerability VCID-ec6s-8f24-9bh7
8
vulnerability VCID-gm99-68bj-c3cz
9
vulnerability VCID-hjc4-jcfm-7be5
10
vulnerability VCID-hs3w-mah1-ckb5
11
vulnerability VCID-p4p5-29r5-8qh9
12
vulnerability VCID-pqj1-u787-g3aj
13
vulnerability VCID-vhxq-1hqq-77bx
14
vulnerability VCID-w2n8-uxbb-k7f9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9
1
url pkg:pypi/ansible@2.9.6
purl pkg:pypi/ansible@2.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5t77-f231-6ffg
1
vulnerability VCID-78m2-3fj5-tbh1
2
vulnerability VCID-8u2v-jtqe-dqg3
3
vulnerability VCID-am9g-ba4h-sfhr
4
vulnerability VCID-cuq1-se5h-vygd
5
vulnerability VCID-dkds-s3ad-cufa
6
vulnerability VCID-ec6s-8f24-9bh7
7
vulnerability VCID-gm99-68bj-c3cz
8
vulnerability VCID-hjc4-jcfm-7be5
9
vulnerability VCID-hs3w-mah1-ckb5
10
vulnerability VCID-p4p5-29r5-8qh9
11
vulnerability VCID-pqj1-u787-g3aj
12
vulnerability VCID-ptg6-bwz8-pud8
13
vulnerability VCID-vhxq-1hqq-77bx
14
vulnerability VCID-w2n8-uxbb-k7f9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6
aliases CVE-2020-1739, GHSA-923p-fr2c-g5m2, PYSEC-2020-11
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gxw4-ydnj-fkfe
17
url VCID-hjc4-jcfm-7be5
vulnerability_id VCID-hjc4-jcfm-7be5
summary information disclosure
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1956477
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1956477
1
reference_url https://security.archlinux.org/AVG-2056
reference_id AVG-2056
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2056
fixed_packages
0
url pkg:pypi/ansible@3.0.0
purl pkg:pypi/ansible@3.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@3.0.0
aliases CVE-2021-3533, PYSEC-2021-126
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hjc4-jcfm-7be5
18
url VCID-hq4d-92s2-vqg6
vulnerability_id VCID-hq4d-92s2-vqg6
summary A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with "umask 77 && mkdir -p <dir>"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating '/proc/<pid>/cmdline'.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1733
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1733
1
reference_url https://github.com/advisories/GHSA-g4mq-6fp5-qwcf
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-g4mq-6fp5-qwcf
2
reference_url https://github.com/ansible/ansible/issues/67791
reference_id
reference_type
scores
url https://github.com/ansible/ansible/issues/67791
3
reference_url https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/
7
reference_url https://security.gentoo.org/glsa/202006-11
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202006-11
fixed_packages
0
url pkg:pypi/ansible@2.8.8
purl pkg:pypi/ansible@2.8.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2z4k-r21v-rfgx
1
vulnerability VCID-5t77-f231-6ffg
2
vulnerability VCID-78m2-3fj5-tbh1
3
vulnerability VCID-7qnx-1gp2-v7bb
4
vulnerability VCID-833d-up6b-rfe1
5
vulnerability VCID-8u2v-jtqe-dqg3
6
vulnerability VCID-am9g-ba4h-sfhr
7
vulnerability VCID-cuq1-se5h-vygd
8
vulnerability VCID-cxts-25nq-4fcs
9
vulnerability VCID-dkds-s3ad-cufa
10
vulnerability VCID-ec6s-8f24-9bh7
11
vulnerability VCID-etb4-2qch-6kgw
12
vulnerability VCID-gm99-68bj-c3cz
13
vulnerability VCID-gxw4-ydnj-fkfe
14
vulnerability VCID-hjc4-jcfm-7be5
15
vulnerability VCID-hs3w-mah1-ckb5
16
vulnerability VCID-mbj9-3bnb-wbda
17
vulnerability VCID-p4p5-29r5-8qh9
18
vulnerability VCID-pqj1-u787-g3aj
19
vulnerability VCID-subj-aje2-93bk
20
vulnerability VCID-vhxq-1hqq-77bx
21
vulnerability VCID-w2n8-uxbb-k7f9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.8
1
url pkg:pypi/ansible@2.9.6
purl pkg:pypi/ansible@2.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5t77-f231-6ffg
1
vulnerability VCID-78m2-3fj5-tbh1
2
vulnerability VCID-8u2v-jtqe-dqg3
3
vulnerability VCID-am9g-ba4h-sfhr
4
vulnerability VCID-cuq1-se5h-vygd
5
vulnerability VCID-dkds-s3ad-cufa
6
vulnerability VCID-ec6s-8f24-9bh7
7
vulnerability VCID-gm99-68bj-c3cz
8
vulnerability VCID-hjc4-jcfm-7be5
9
vulnerability VCID-hs3w-mah1-ckb5
10
vulnerability VCID-p4p5-29r5-8qh9
11
vulnerability VCID-pqj1-u787-g3aj
12
vulnerability VCID-ptg6-bwz8-pud8
13
vulnerability VCID-vhxq-1hqq-77bx
14
vulnerability VCID-w2n8-uxbb-k7f9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6
aliases CVE-2020-1733, GHSA-g4mq-6fp5-qwcf, PYSEC-2020-5
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hq4d-92s2-vqg6
19
url VCID-hs3w-mah1-ckb5
vulnerability_id VCID-hs3w-mah1-ckb5
summary An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9.9 as well as previous versions are affected and Ansible Tower 3.4.5, 3.5.6 and 3.6.4 as well as previous versions are affected.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10744
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10744
1
reference_url https://github.com/advisories/GHSA-vp9j-rghq-8jhh
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-vp9j-rghq-8jhh
2
reference_url https://github.com/ansible/ansible
reference_id
reference_type
scores
url https://github.com/ansible/ansible
3
reference_url https://github.com/ansible/ansible/commit/77d0effcc5b2da1ef23e4ba32986a9759c27c10d
reference_id
reference_type
scores
url https://github.com/ansible/ansible/commit/77d0effcc5b2da1ef23e4ba32986a9759c27c10d
4
reference_url https://github.com/ansible/ansible/commit/84afa8e90cd168ff13208c8eae3e533ce7e21e1f
reference_id
reference_type
scores
url https://github.com/ansible/ansible/commit/84afa8e90cd168ff13208c8eae3e533ce7e21e1f
5
reference_url https://github.com/ansible/ansible/commit/ffd3757fc35468a97791e452e7f2d14c3e3fcb80
reference_id
reference_type
scores
url https://github.com/ansible/ansible/commit/ffd3757fc35468a97791e452e7f2d14c3e3fcb80
6
reference_url https://github.com/ansible/ansible/issues/69782
reference_id
reference_type
scores
url https://github.com/ansible/ansible/issues/69782
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-208.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-208.yaml
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-10744
reference_id CVE-2020-10744
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-10744
fixed_packages
0
url pkg:pypi/ansible@2.8.13
purl pkg:pypi/ansible@2.8.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5t77-f231-6ffg
1
vulnerability VCID-833d-up6b-rfe1
2
vulnerability VCID-8u2v-jtqe-dqg3
3
vulnerability VCID-am9g-ba4h-sfhr
4
vulnerability VCID-dkds-s3ad-cufa
5
vulnerability VCID-ec6s-8f24-9bh7
6
vulnerability VCID-gm99-68bj-c3cz
7
vulnerability VCID-hjc4-jcfm-7be5
8
vulnerability VCID-p4p5-29r5-8qh9
9
vulnerability VCID-pqj1-u787-g3aj
10
vulnerability VCID-vhxq-1hqq-77bx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.13
1
url pkg:pypi/ansible@2.9.10
purl pkg:pypi/ansible@2.9.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5t77-f231-6ffg
1
vulnerability VCID-8u2v-jtqe-dqg3
2
vulnerability VCID-am9g-ba4h-sfhr
3
vulnerability VCID-dkds-s3ad-cufa
4
vulnerability VCID-ec6s-8f24-9bh7
5
vulnerability VCID-gm99-68bj-c3cz
6
vulnerability VCID-hjc4-jcfm-7be5
7
vulnerability VCID-p4p5-29r5-8qh9
8
vulnerability VCID-pqj1-u787-g3aj
9
vulnerability VCID-vhxq-1hqq-77bx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.10
2
url pkg:pypi/ansible@2.9.12
purl pkg:pypi/ansible@2.9.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5t77-f231-6ffg
1
vulnerability VCID-8u2v-jtqe-dqg3
2
vulnerability VCID-am9g-ba4h-sfhr
3
vulnerability VCID-dkds-s3ad-cufa
4
vulnerability VCID-gm99-68bj-c3cz
5
vulnerability VCID-hjc4-jcfm-7be5
6
vulnerability VCID-p4p5-29r5-8qh9
7
vulnerability VCID-pqj1-u787-g3aj
8
vulnerability VCID-vhxq-1hqq-77bx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.12
3
url pkg:pypi/ansible@2.10.0rc1
purl pkg:pypi/ansible@2.10.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-am9g-ba4h-sfhr
1
vulnerability VCID-hjc4-jcfm-7be5
2
vulnerability VCID-vhxq-1hqq-77bx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.0rc1
aliases CVE-2020-10744, GHSA-vp9j-rghq-8jhh, PYSEC-2020-208
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hs3w-mah1-ckb5
20
url VCID-mbj9-3bnb-wbda
vulnerability_id VCID-mbj9-3bnb-wbda
summary A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal. This issue is fixed in 2.10.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1737
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1737
1
reference_url https://github.com/advisories/GHSA-893h-35v4-mxqx
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-893h-35v4-mxqx
2
reference_url https://github.com/ansible/ansible/issues/67795
reference_id
reference_type
scores
url https://github.com/ansible/ansible/issues/67795
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/
6
reference_url https://security.gentoo.org/glsa/202006-11
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202006-11
fixed_packages
0
url pkg:pypi/ansible@2.8.9
purl pkg:pypi/ansible@2.8.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5t77-f231-6ffg
1
vulnerability VCID-78m2-3fj5-tbh1
2
vulnerability VCID-833d-up6b-rfe1
3
vulnerability VCID-8u2v-jtqe-dqg3
4
vulnerability VCID-am9g-ba4h-sfhr
5
vulnerability VCID-cuq1-se5h-vygd
6
vulnerability VCID-dkds-s3ad-cufa
7
vulnerability VCID-ec6s-8f24-9bh7
8
vulnerability VCID-gm99-68bj-c3cz
9
vulnerability VCID-hjc4-jcfm-7be5
10
vulnerability VCID-hs3w-mah1-ckb5
11
vulnerability VCID-p4p5-29r5-8qh9
12
vulnerability VCID-pqj1-u787-g3aj
13
vulnerability VCID-vhxq-1hqq-77bx
14
vulnerability VCID-w2n8-uxbb-k7f9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9
1
url pkg:pypi/ansible@2.9.6
purl pkg:pypi/ansible@2.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5t77-f231-6ffg
1
vulnerability VCID-78m2-3fj5-tbh1
2
vulnerability VCID-8u2v-jtqe-dqg3
3
vulnerability VCID-am9g-ba4h-sfhr
4
vulnerability VCID-cuq1-se5h-vygd
5
vulnerability VCID-dkds-s3ad-cufa
6
vulnerability VCID-ec6s-8f24-9bh7
7
vulnerability VCID-gm99-68bj-c3cz
8
vulnerability VCID-hjc4-jcfm-7be5
9
vulnerability VCID-hs3w-mah1-ckb5
10
vulnerability VCID-p4p5-29r5-8qh9
11
vulnerability VCID-pqj1-u787-g3aj
12
vulnerability VCID-ptg6-bwz8-pud8
13
vulnerability VCID-vhxq-1hqq-77bx
14
vulnerability VCID-w2n8-uxbb-k7f9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6
aliases CVE-2020-1737, GHSA-893h-35v4-mxqx, PYSEC-2020-9
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mbj9-3bnb-wbda
21
url VCID-p4p5-29r5-8qh9
vulnerability_id VCID-p4p5-29r5-8qh9
summary A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1916813
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1916813
1
reference_url https://github.com/advisories/GHSA-8f4m-hccc-8qph
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-8f4m-hccc-8qph
fixed_packages
0
url pkg:pypi/ansible@2.8.19
purl pkg:pypi/ansible@2.8.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-833d-up6b-rfe1
1
vulnerability VCID-8u2v-jtqe-dqg3
2
vulnerability VCID-am9g-ba4h-sfhr
3
vulnerability VCID-dkds-s3ad-cufa
4
vulnerability VCID-gm99-68bj-c3cz
5
vulnerability VCID-hjc4-jcfm-7be5
6
vulnerability VCID-pqj1-u787-g3aj
7
vulnerability VCID-vhxq-1hqq-77bx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.19
1
url pkg:pypi/ansible@2.9.18
purl pkg:pypi/ansible@2.9.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8u2v-jtqe-dqg3
1
vulnerability VCID-am9g-ba4h-sfhr
2
vulnerability VCID-dkds-s3ad-cufa
3
vulnerability VCID-gm99-68bj-c3cz
4
vulnerability VCID-hjc4-jcfm-7be5
5
vulnerability VCID-vhxq-1hqq-77bx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.18
2
url pkg:pypi/ansible@2.10.7
purl pkg:pypi/ansible@2.10.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hjc4-jcfm-7be5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.7
aliases CVE-2021-20191, GHSA-8f4m-hccc-8qph, PYSEC-2021-124
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p4p5-29r5-8qh9
22
url VCID-pqj1-u787-g3aj
vulnerability_id VCID-pqj1-u787-g3aj
summary A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1914774
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1914774
1
reference_url https://github.com/advisories/GHSA-wv5p-gmmv-wh9v
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-wv5p-gmmv-wh9v
2
reference_url https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes,
reference_id
reference_type
scores
url https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes,
3
reference_url https://github.com/ansible-collections/community.general/pull/1635,
reference_id
reference_type
scores
url https://github.com/ansible-collections/community.general/pull/1635,
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37/
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55/
fixed_packages
0
url pkg:pypi/ansible@2.9.18
purl pkg:pypi/ansible@2.9.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8u2v-jtqe-dqg3
1
vulnerability VCID-am9g-ba4h-sfhr
2
vulnerability VCID-dkds-s3ad-cufa
3
vulnerability VCID-gm99-68bj-c3cz
4
vulnerability VCID-hjc4-jcfm-7be5
5
vulnerability VCID-vhxq-1hqq-77bx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.18
aliases CVE-2021-20178, GHSA-wv5p-gmmv-wh9v, PYSEC-2021-106
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pqj1-u787-g3aj
23
url VCID-qztj-r7zc-jue3
vulnerability_id VCID-qztj-r7zc-jue3
summary A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html
2
reference_url https://access.redhat.com/errata/RHSA-2020:0216
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0216
3
reference_url https://access.redhat.com/errata/RHSA-2020:0218
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0218
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14905
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14905
5
reference_url https://github.com/advisories/GHSA-frxj-5j27-f8rf
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-frxj-5j27-f8rf
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5BNCYPQ4BY5QHBCJOAOPANB5FHATW2BR/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5BNCYPQ4BY5QHBCJOAOPANB5FHATW2BR/
fixed_packages
0
url pkg:pypi/ansible@2.8.8
purl pkg:pypi/ansible@2.8.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2z4k-r21v-rfgx
1
vulnerability VCID-5t77-f231-6ffg
2
vulnerability VCID-78m2-3fj5-tbh1
3
vulnerability VCID-7qnx-1gp2-v7bb
4
vulnerability VCID-833d-up6b-rfe1
5
vulnerability VCID-8u2v-jtqe-dqg3
6
vulnerability VCID-am9g-ba4h-sfhr
7
vulnerability VCID-cuq1-se5h-vygd
8
vulnerability VCID-cxts-25nq-4fcs
9
vulnerability VCID-dkds-s3ad-cufa
10
vulnerability VCID-ec6s-8f24-9bh7
11
vulnerability VCID-etb4-2qch-6kgw
12
vulnerability VCID-gm99-68bj-c3cz
13
vulnerability VCID-gxw4-ydnj-fkfe
14
vulnerability VCID-hjc4-jcfm-7be5
15
vulnerability VCID-hs3w-mah1-ckb5
16
vulnerability VCID-mbj9-3bnb-wbda
17
vulnerability VCID-p4p5-29r5-8qh9
18
vulnerability VCID-pqj1-u787-g3aj
19
vulnerability VCID-subj-aje2-93bk
20
vulnerability VCID-vhxq-1hqq-77bx
21
vulnerability VCID-w2n8-uxbb-k7f9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.8
1
url pkg:pypi/ansible@2.9.3
purl pkg:pypi/ansible@2.9.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2z4k-r21v-rfgx
1
vulnerability VCID-5t77-f231-6ffg
2
vulnerability VCID-78m2-3fj5-tbh1
3
vulnerability VCID-7qnx-1gp2-v7bb
4
vulnerability VCID-833d-up6b-rfe1
5
vulnerability VCID-8u2v-jtqe-dqg3
6
vulnerability VCID-am9g-ba4h-sfhr
7
vulnerability VCID-cuq1-se5h-vygd
8
vulnerability VCID-cxts-25nq-4fcs
9
vulnerability VCID-dkds-s3ad-cufa
10
vulnerability VCID-ec6s-8f24-9bh7
11
vulnerability VCID-etb4-2qch-6kgw
12
vulnerability VCID-gm99-68bj-c3cz
13
vulnerability VCID-gxw4-ydnj-fkfe
14
vulnerability VCID-hjc4-jcfm-7be5
15
vulnerability VCID-hq4d-92s2-vqg6
16
vulnerability VCID-hs3w-mah1-ckb5
17
vulnerability VCID-mbj9-3bnb-wbda
18
vulnerability VCID-p4p5-29r5-8qh9
19
vulnerability VCID-pqj1-u787-g3aj
20
vulnerability VCID-ptg6-bwz8-pud8
21
vulnerability VCID-subj-aje2-93bk
22
vulnerability VCID-vhxq-1hqq-77bx
23
vulnerability VCID-w2n8-uxbb-k7f9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.3
aliases CVE-2019-14905, GHSA-frxj-5j27-f8rf, PYSEC-2020-206
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qztj-r7zc-jue3
24
url VCID-subj-aje2-93bk
vulnerability_id VCID-subj-aje2-93bk
summary A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1738
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1738
1
reference_url https://github.com/advisories/GHSA-f85h-23mf-2fwh
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-f85h-23mf-2fwh
2
reference_url https://github.com/ansible/ansible/issues/67796
reference_id
reference_type
scores
url https://github.com/ansible/ansible/issues/67796
3
reference_url https://security.gentoo.org/glsa/202006-11
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202006-11
fixed_packages
0
url pkg:pypi/ansible@2.8.9
purl pkg:pypi/ansible@2.8.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5t77-f231-6ffg
1
vulnerability VCID-78m2-3fj5-tbh1
2
vulnerability VCID-833d-up6b-rfe1
3
vulnerability VCID-8u2v-jtqe-dqg3
4
vulnerability VCID-am9g-ba4h-sfhr
5
vulnerability VCID-cuq1-se5h-vygd
6
vulnerability VCID-dkds-s3ad-cufa
7
vulnerability VCID-ec6s-8f24-9bh7
8
vulnerability VCID-gm99-68bj-c3cz
9
vulnerability VCID-hjc4-jcfm-7be5
10
vulnerability VCID-hs3w-mah1-ckb5
11
vulnerability VCID-p4p5-29r5-8qh9
12
vulnerability VCID-pqj1-u787-g3aj
13
vulnerability VCID-vhxq-1hqq-77bx
14
vulnerability VCID-w2n8-uxbb-k7f9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9
1
url pkg:pypi/ansible@2.9.6
purl pkg:pypi/ansible@2.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5t77-f231-6ffg
1
vulnerability VCID-78m2-3fj5-tbh1
2
vulnerability VCID-8u2v-jtqe-dqg3
3
vulnerability VCID-am9g-ba4h-sfhr
4
vulnerability VCID-cuq1-se5h-vygd
5
vulnerability VCID-dkds-s3ad-cufa
6
vulnerability VCID-ec6s-8f24-9bh7
7
vulnerability VCID-gm99-68bj-c3cz
8
vulnerability VCID-hjc4-jcfm-7be5
9
vulnerability VCID-hs3w-mah1-ckb5
10
vulnerability VCID-p4p5-29r5-8qh9
11
vulnerability VCID-pqj1-u787-g3aj
12
vulnerability VCID-ptg6-bwz8-pud8
13
vulnerability VCID-vhxq-1hqq-77bx
14
vulnerability VCID-w2n8-uxbb-k7f9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6
aliases CVE-2020-1738, GHSA-f85h-23mf-2fwh, PYSEC-2020-10
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-subj-aje2-93bk
25
url VCID-vhxq-1hqq-77bx
vulnerability_id VCID-vhxq-1hqq-77bx
summary An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14330
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14330
1
reference_url https://github.com/advisories/GHSA-785x-qw4v-6872
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-785x-qw4v-6872
2
reference_url https://github.com/ansible/ansible/issues/68400
reference_id
reference_type
scores
url https://github.com/ansible/ansible/issues/68400
fixed_packages
0
url pkg:pypi/ansible@2.10.0
purl pkg:pypi/ansible@2.10.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2z4k-r21v-rfgx
1
vulnerability VCID-am9g-ba4h-sfhr
2
vulnerability VCID-hjc4-jcfm-7be5
3
vulnerability VCID-p4p5-29r5-8qh9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.0
aliases CVE-2020-14330, GHSA-785x-qw4v-6872, PYSEC-2020-3
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vhxq-1hqq-77bx
26
url VCID-vsv2-4d8c-m3g1
vulnerability_id VCID-vsv2-4d8c-m3g1
summary A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1776944
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1776944
1
reference_url https://github.com/advisories/GHSA-gwr8-5j83-483c
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-gwr8-5j83-483c
2
reference_url https://github.com/ansible/ansible/pull/65686
reference_id
reference_type
scores
url https://github.com/ansible/ansible/pull/65686
3
reference_url https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html
fixed_packages
0
url pkg:pypi/ansible@2.8.7
purl pkg:pypi/ansible@2.8.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2z4k-r21v-rfgx
1
vulnerability VCID-5t77-f231-6ffg
2
vulnerability VCID-78m2-3fj5-tbh1
3
vulnerability VCID-7qnx-1gp2-v7bb
4
vulnerability VCID-833d-up6b-rfe1
5
vulnerability VCID-8u2v-jtqe-dqg3
6
vulnerability VCID-am9g-ba4h-sfhr
7
vulnerability VCID-cuq1-se5h-vygd
8
vulnerability VCID-cxts-25nq-4fcs
9
vulnerability VCID-dkds-s3ad-cufa
10
vulnerability VCID-ec6s-8f24-9bh7
11
vulnerability VCID-etb4-2qch-6kgw
12
vulnerability VCID-gm99-68bj-c3cz
13
vulnerability VCID-gxw4-ydnj-fkfe
14
vulnerability VCID-hjc4-jcfm-7be5
15
vulnerability VCID-hq4d-92s2-vqg6
16
vulnerability VCID-hs3w-mah1-ckb5
17
vulnerability VCID-mbj9-3bnb-wbda
18
vulnerability VCID-p4p5-29r5-8qh9
19
vulnerability VCID-pqj1-u787-g3aj
20
vulnerability VCID-qztj-r7zc-jue3
21
vulnerability VCID-subj-aje2-93bk
22
vulnerability VCID-vhxq-1hqq-77bx
23
vulnerability VCID-w2n8-uxbb-k7f9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.7
1
url pkg:pypi/ansible@2.9.2
purl pkg:pypi/ansible@2.9.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2z4k-r21v-rfgx
1
vulnerability VCID-5t77-f231-6ffg
2
vulnerability VCID-78m2-3fj5-tbh1
3
vulnerability VCID-7qnx-1gp2-v7bb
4
vulnerability VCID-833d-up6b-rfe1
5
vulnerability VCID-8u2v-jtqe-dqg3
6
vulnerability VCID-am9g-ba4h-sfhr
7
vulnerability VCID-cuq1-se5h-vygd
8
vulnerability VCID-cxts-25nq-4fcs
9
vulnerability VCID-dkds-s3ad-cufa
10
vulnerability VCID-ec6s-8f24-9bh7
11
vulnerability VCID-etb4-2qch-6kgw
12
vulnerability VCID-gm99-68bj-c3cz
13
vulnerability VCID-gxw4-ydnj-fkfe
14
vulnerability VCID-hjc4-jcfm-7be5
15
vulnerability VCID-hq4d-92s2-vqg6
16
vulnerability VCID-hs3w-mah1-ckb5
17
vulnerability VCID-mbj9-3bnb-wbda
18
vulnerability VCID-p4p5-29r5-8qh9
19
vulnerability VCID-pqj1-u787-g3aj
20
vulnerability VCID-ptg6-bwz8-pud8
21
vulnerability VCID-qztj-r7zc-jue3
22
vulnerability VCID-subj-aje2-93bk
23
vulnerability VCID-vhxq-1hqq-77bx
24
vulnerability VCID-w2n8-uxbb-k7f9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.2
aliases CVE-2019-14904, GHSA-gwr8-5j83-483c, PYSEC-2020-161
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vsv2-4d8c-m3g1
27
url VCID-w2n8-uxbb-k7f9
vulnerability_id VCID-w2n8-uxbb-k7f9
summary A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the s ts unencrypted. On Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decryp emains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted ble.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10685
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10685
1
reference_url https://github.com/advisories/GHSA-77g3-3j5w-64w4
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-77g3-3j5w-64w4
2
reference_url https://github.com/ansible/ansible/pull/68433
reference_id
reference_type
scores
url https://github.com/ansible/ansible/pull/68433
3
reference_url https://security.gentoo.org/glsa/202006-11
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202006-11
fixed_packages
0
url pkg:pypi/ansible@2.8.11
purl pkg:pypi/ansible@2.8.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5t77-f231-6ffg
1
vulnerability VCID-833d-up6b-rfe1
2
vulnerability VCID-8u2v-jtqe-dqg3
3
vulnerability VCID-am9g-ba4h-sfhr
4
vulnerability VCID-dkds-s3ad-cufa
5
vulnerability VCID-ec6s-8f24-9bh7
6
vulnerability VCID-gm99-68bj-c3cz
7
vulnerability VCID-hjc4-jcfm-7be5
8
vulnerability VCID-hs3w-mah1-ckb5
9
vulnerability VCID-p4p5-29r5-8qh9
10
vulnerability VCID-pqj1-u787-g3aj
11
vulnerability VCID-vhxq-1hqq-77bx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.11
1
url pkg:pypi/ansible@2.9.7
purl pkg:pypi/ansible@2.9.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5t77-f231-6ffg
1
vulnerability VCID-8u2v-jtqe-dqg3
2
vulnerability VCID-am9g-ba4h-sfhr
3
vulnerability VCID-dkds-s3ad-cufa
4
vulnerability VCID-ec6s-8f24-9bh7
5
vulnerability VCID-gm99-68bj-c3cz
6
vulnerability VCID-hjc4-jcfm-7be5
7
vulnerability VCID-hs3w-mah1-ckb5
8
vulnerability VCID-p4p5-29r5-8qh9
9
vulnerability VCID-pqj1-u787-g3aj
10
vulnerability VCID-vhxq-1hqq-77bx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.7
aliases CVE-2020-10685, GHSA-77g3-3j5w-64w4, PYSEC-2020-1
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w2n8-uxbb-k7f9
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.5