Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/14349?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/14349?format=api", "purl": "pkg:pypi/ansible@2.6.20", "type": "pypi", "namespace": "", "name": "ansible", "version": "2.6.20", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.0.0", "latest_non_vulnerable_version": "12.0.0", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35532?format=api", "vulnerability_id": "VCID-2z4k-r21v-rfgx", "summary": "A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This could lead to the disclosure of sensitive data. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1736", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1736" }, { "reference_url": "https://github.com/advisories/GHSA-x7jh-595q-wq82", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-x7jh-595q-wq82" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/issues/67794", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/issues/67794" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-8.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-8.yaml" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7/" }, { "reference_url": "https://security.gentoo.org/glsa/202006-11", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202006-11" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1736", "reference_id": "CVE-2020-1736", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1736" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12523?format=api", "purl": "pkg:pypi/ansible@2.7.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-833d-up6b-rfe1" }, { "vulnerability": "VCID-8u2v-jtqe-dqg3" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-cuq1-se5h-vygd" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-hpqa-ysnc-b7dw" }, { "vulnerability": "VCID-hs3w-mah1-ckb5" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" }, { "vulnerability": "VCID-pqj1-u787-g3aj" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" }, { "vulnerability": "VCID-ykkx-swgs-vybn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/15003?format=api", "purl": "pkg:pypi/ansible@2.8.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5t77-f231-6ffg" }, { "vulnerability": "VCID-78m2-3fj5-tbh1" }, { "vulnerability": "VCID-833d-up6b-rfe1" }, { "vulnerability": "VCID-8u2v-jtqe-dqg3" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-cuq1-se5h-vygd" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-ec6s-8f24-9bh7" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-hs3w-mah1-ckb5" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" }, { "vulnerability": "VCID-pqj1-u787-g3aj" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" }, { "vulnerability": "VCID-w2n8-uxbb-k7f9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/15004?format=api", "purl": "pkg:pypi/ansible@2.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5t77-f231-6ffg" }, { "vulnerability": "VCID-78m2-3fj5-tbh1" }, { "vulnerability": "VCID-8u2v-jtqe-dqg3" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-cuq1-se5h-vygd" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-ec6s-8f24-9bh7" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-hs3w-mah1-ckb5" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" }, { "vulnerability": "VCID-pqj1-u787-g3aj" }, { "vulnerability": "VCID-ptg6-bwz8-pud8" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" }, { "vulnerability": "VCID-w2n8-uxbb-k7f9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6" } ], "aliases": [ "CVE-2020-1736", "GHSA-x7jh-595q-wq82", "PYSEC-2020-8" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2z4k-r21v-rfgx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35533?format=api", "vulnerability_id": "VCID-7qnx-1gp2-v7bb", "summary": "A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1735", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1735" }, { "reference_url": "https://github.com/advisories/GHSA-gfr2-qpxh-qj9m", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-gfr2-qpxh-qj9m" }, { "reference_url": "https://github.com/ansible/ansible/issues/67793", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/issues/67793" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/" }, { "reference_url": "https://security.gentoo.org/glsa/202006-11", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202006-11" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12523?format=api", "purl": "pkg:pypi/ansible@2.7.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-833d-up6b-rfe1" }, { "vulnerability": "VCID-8u2v-jtqe-dqg3" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-cuq1-se5h-vygd" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-hpqa-ysnc-b7dw" }, { "vulnerability": "VCID-hs3w-mah1-ckb5" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" }, { "vulnerability": "VCID-pqj1-u787-g3aj" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" }, { "vulnerability": "VCID-ykkx-swgs-vybn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/15003?format=api", "purl": "pkg:pypi/ansible@2.8.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5t77-f231-6ffg" }, { "vulnerability": "VCID-78m2-3fj5-tbh1" }, { "vulnerability": "VCID-833d-up6b-rfe1" }, { "vulnerability": "VCID-8u2v-jtqe-dqg3" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-cuq1-se5h-vygd" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-ec6s-8f24-9bh7" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-hs3w-mah1-ckb5" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" }, { "vulnerability": "VCID-pqj1-u787-g3aj" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" }, { "vulnerability": "VCID-w2n8-uxbb-k7f9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/15004?format=api", "purl": "pkg:pypi/ansible@2.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5t77-f231-6ffg" }, { "vulnerability": "VCID-78m2-3fj5-tbh1" }, { "vulnerability": "VCID-8u2v-jtqe-dqg3" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-cuq1-se5h-vygd" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-ec6s-8f24-9bh7" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-hs3w-mah1-ckb5" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" }, { "vulnerability": "VCID-pqj1-u787-g3aj" }, { "vulnerability": "VCID-ptg6-bwz8-pud8" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" }, { "vulnerability": "VCID-w2n8-uxbb-k7f9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6" } ], "aliases": [ "CVE-2020-1735", "GHSA-gfr2-qpxh-qj9m", "PYSEC-2020-7" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7qnx-1gp2-v7bb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35811?format=api", "vulnerability_id": "VCID-833d-up6b-rfe1", "summary": "A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords are exposed at once for the file. This flaw affects Ansible Engine versions before 2.9.6.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1831089", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1831089" }, { "reference_url": "https://github.com/advisories/GHSA-r6h7-5pq2-j77h", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-r6h7-5pq2-j77h" }, { "reference_url": "https://github.com/ansible/ansible/issues/34144", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/issues/34144" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/15004?format=api", "purl": "pkg:pypi/ansible@2.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5t77-f231-6ffg" }, { "vulnerability": "VCID-78m2-3fj5-tbh1" }, { "vulnerability": "VCID-8u2v-jtqe-dqg3" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-cuq1-se5h-vygd" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-ec6s-8f24-9bh7" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-hs3w-mah1-ckb5" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" }, { "vulnerability": "VCID-pqj1-u787-g3aj" }, { "vulnerability": "VCID-ptg6-bwz8-pud8" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" }, { "vulnerability": "VCID-w2n8-uxbb-k7f9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6" } ], "aliases": [ "CVE-2020-10729", "GHSA-r6h7-5pq2-j77h", "PYSEC-2021-105" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-833d-up6b-rfe1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35785?format=api", "vulnerability_id": "VCID-8u2v-jtqe-dqg3", "summary": "A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925002", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925002" }, { "reference_url": "https://github.com/advisories/GHSA-5rrg-rr89-x9mv", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-5rrg-rr89-x9mv" }, { "reference_url": "https://github.com/ansible/ansible/pull/73487", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/pull/73487" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18265?format=api", "purl": "pkg:pypi/ansible@2.9.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.19" } ], "aliases": [ "CVE-2021-20228", "GHSA-5rrg-rr89-x9mv", "PYSEC-2021-1" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8u2v-jtqe-dqg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35653?format=api", "vulnerability_id": "VCID-am9g-ba4h-sfhr", "summary": "A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. This issue affects directly data confidentiality.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25635", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25635" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible-collections/community.aws/issues/222", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible-collections/community.aws/issues/222" }, { "reference_url": "https://github.com/ansible-collections/community.aws/pull/237#issuecomment-1468591094", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible-collections/community.aws/pull/237#issuecomment-1468591094" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-220.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-220.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25635", "reference_id": "CVE-2020-25635", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25635" }, { "reference_url": "https://github.com/advisories/GHSA-f556-49jc-4rvc", "reference_id": "GHSA-f556-49jc-4rvc", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-f556-49jc-4rvc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18528?format=api", "purl": "pkg:pypi/ansible@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.1" } ], "aliases": [ "CVE-2020-25635", "GHSA-f556-49jc-4rvc", "PYSEC-2020-220" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-am9g-ba4h-sfhr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35529?format=api", "vulnerability_id": "VCID-cuq1-se5h-vygd", "summary": "A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. Sensitive parameters such as passwords and tokens are passed to kubectl from the command line, not using an environment variable or an input configuration file. This will disclose passwords and tokens from process list and no_log directive from debug module would not have any effect making these secrets being disclosed on stdout and log files.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1753" }, { "reference_url": "https://github.com/advisories/GHSA-86hp-cj9j-33vv", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-86hp-cj9j-33vv" }, { "reference_url": "https://github.com/ansible-collections/kubernetes/pull/51", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible-collections/kubernetes/pull/51" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/" }, { "reference_url": "https://security.gentoo.org/glsa/202006-11", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202006-11" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12524?format=api", "purl": "pkg:pypi/ansible@2.7.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-833d-up6b-rfe1" }, { "vulnerability": "VCID-8u2v-jtqe-dqg3" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-hpqa-ysnc-b7dw" }, { "vulnerability": "VCID-hs3w-mah1-ckb5" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" }, { "vulnerability": "VCID-pqj1-u787-g3aj" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" }, { "vulnerability": "VCID-ykkx-swgs-vybn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/15098?format=api", "purl": "pkg:pypi/ansible@2.8.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5t77-f231-6ffg" }, { "vulnerability": "VCID-833d-up6b-rfe1" }, { "vulnerability": "VCID-8u2v-jtqe-dqg3" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-ec6s-8f24-9bh7" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-hs3w-mah1-ckb5" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" }, { "vulnerability": "VCID-pqj1-u787-g3aj" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/15099?format=api", "purl": "pkg:pypi/ansible@2.9.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5t77-f231-6ffg" }, { "vulnerability": "VCID-8u2v-jtqe-dqg3" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-ec6s-8f24-9bh7" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-hs3w-mah1-ckb5" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" }, { "vulnerability": "VCID-pqj1-u787-g3aj" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.7" } ], "aliases": [ "CVE-2020-1753", "GHSA-86hp-cj9j-33vv", "PYSEC-2020-210" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cuq1-se5h-vygd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35530?format=api", "vulnerability_id": "VCID-cxts-25nq-4fcs", "summary": "A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes \"ansible-vault edit\", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1740", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1740" }, { "reference_url": "https://github.com/advisories/GHSA-vcg8-98q8-g7mj", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-vcg8-98q8-g7mj" }, { "reference_url": "https://github.com/ansible/ansible/issues/67798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/issues/67798" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/" }, { "reference_url": "https://security.gentoo.org/glsa/202006-11", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202006-11" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12523?format=api", "purl": "pkg:pypi/ansible@2.7.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-833d-up6b-rfe1" }, { "vulnerability": "VCID-8u2v-jtqe-dqg3" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-cuq1-se5h-vygd" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-hpqa-ysnc-b7dw" }, { "vulnerability": "VCID-hs3w-mah1-ckb5" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" }, { "vulnerability": "VCID-pqj1-u787-g3aj" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" }, { "vulnerability": "VCID-ykkx-swgs-vybn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/15003?format=api", "purl": "pkg:pypi/ansible@2.8.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5t77-f231-6ffg" }, { "vulnerability": "VCID-78m2-3fj5-tbh1" }, { "vulnerability": "VCID-833d-up6b-rfe1" }, { "vulnerability": "VCID-8u2v-jtqe-dqg3" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-cuq1-se5h-vygd" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-ec6s-8f24-9bh7" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-hs3w-mah1-ckb5" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" }, { "vulnerability": "VCID-pqj1-u787-g3aj" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" }, { "vulnerability": "VCID-w2n8-uxbb-k7f9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/15004?format=api", "purl": "pkg:pypi/ansible@2.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5t77-f231-6ffg" }, { "vulnerability": "VCID-78m2-3fj5-tbh1" }, { "vulnerability": "VCID-8u2v-jtqe-dqg3" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-cuq1-se5h-vygd" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-ec6s-8f24-9bh7" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-hs3w-mah1-ckb5" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" }, { "vulnerability": "VCID-pqj1-u787-g3aj" }, { "vulnerability": "VCID-ptg6-bwz8-pud8" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" }, { "vulnerability": "VCID-w2n8-uxbb-k7f9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6" } ], "aliases": [ "CVE-2020-1740", "GHSA-vcg8-98q8-g7mj", "PYSEC-2020-12" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cxts-25nq-4fcs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3444?format=api", "vulnerability_id": "VCID-dkds-s3ad-cufa", "summary": "information disclosure", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975767", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975767" }, { "reference_url": "https://github.com/advisories/GHSA-4r65-35qq-ch8j", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-4r65-35qq-ch8j" }, { "reference_url": "https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes" }, { "reference_url": "https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0" }, { "reference_url": "https://security.archlinux.org/AVG-1941", "reference_id": "AVG-1941", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1941" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3620", "reference_id": "CVE-2021-3620", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3620" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18281?format=api", "purl": "pkg:pypi/ansible@2.9.27", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.27" } ], "aliases": [ "CVE-2021-3620", "GHSA-4r65-35qq-ch8j", "PYSEC-2022-164" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dkds-s3ad-cufa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7216?format=api", "vulnerability_id": "VCID-gm99-68bj-c3cz", "summary": "arbitrary command execution", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968412", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968412" }, { "reference_url": "https://github.com/advisories/GHSA-2pfh-q76x-gwvm", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-2pfh-q76x-gwvm" }, { "reference_url": "https://security.archlinux.org/AVG-2260", "reference_id": "AVG-2260", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2260" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3583", "reference_id": "CVE-2021-3583", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3583" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18273?format=api", "purl": "pkg:pypi/ansible@2.9.23", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.23" } ], "aliases": [ "CVE-2021-3583", "GHSA-2pfh-q76x-gwvm", "PYSEC-2021-358" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gm99-68bj-c3cz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35525?format=api", "vulnerability_id": "VCID-gxw4-ydnj-fkfe", "summary": "A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument \"password\" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1739", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1739" }, { "reference_url": "https://github.com/advisories/GHSA-923p-fr2c-g5m2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-923p-fr2c-g5m2" }, { "reference_url": "https://github.com/ansible/ansible/issues/67797", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/issues/67797" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12523?format=api", "purl": "pkg:pypi/ansible@2.7.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-833d-up6b-rfe1" }, { "vulnerability": "VCID-8u2v-jtqe-dqg3" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-cuq1-se5h-vygd" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-hpqa-ysnc-b7dw" }, { "vulnerability": "VCID-hs3w-mah1-ckb5" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" }, { "vulnerability": "VCID-pqj1-u787-g3aj" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" }, { "vulnerability": "VCID-ykkx-swgs-vybn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/15003?format=api", "purl": "pkg:pypi/ansible@2.8.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5t77-f231-6ffg" }, { "vulnerability": "VCID-78m2-3fj5-tbh1" }, { "vulnerability": "VCID-833d-up6b-rfe1" }, { "vulnerability": "VCID-8u2v-jtqe-dqg3" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-cuq1-se5h-vygd" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-ec6s-8f24-9bh7" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-hs3w-mah1-ckb5" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" }, { "vulnerability": "VCID-pqj1-u787-g3aj" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" }, { "vulnerability": "VCID-w2n8-uxbb-k7f9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/15004?format=api", "purl": "pkg:pypi/ansible@2.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5t77-f231-6ffg" }, { "vulnerability": "VCID-78m2-3fj5-tbh1" }, { "vulnerability": "VCID-8u2v-jtqe-dqg3" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-cuq1-se5h-vygd" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-ec6s-8f24-9bh7" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-hs3w-mah1-ckb5" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" }, { "vulnerability": "VCID-pqj1-u787-g3aj" }, { "vulnerability": "VCID-ptg6-bwz8-pud8" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" }, { "vulnerability": "VCID-w2n8-uxbb-k7f9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6" } ], "aliases": [ "CVE-2020-1739", "GHSA-923p-fr2c-g5m2", "PYSEC-2020-11" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gxw4-ydnj-fkfe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7307?format=api", "vulnerability_id": "VCID-hjc4-jcfm-7be5", "summary": "information disclosure", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956477", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956477" }, { "reference_url": "https://security.archlinux.org/AVG-2056", "reference_id": "AVG-2056", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2056" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22508?format=api", "purl": "pkg:pypi/ansible@3.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@3.0.0" } ], "aliases": [ "CVE-2021-3533", "PYSEC-2021-126" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hjc4-jcfm-7be5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35520?format=api", "vulnerability_id": "VCID-hq4d-92s2-vqg6", "summary": "A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with \"umask 77 && mkdir -p <dir>\"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating '/proc/<pid>/cmdline'.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1733", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1733" }, { "reference_url": "https://github.com/advisories/GHSA-g4mq-6fp5-qwcf", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-g4mq-6fp5-qwcf" }, { "reference_url": "https://github.com/ansible/ansible/issues/67791", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/issues/67791" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/" }, { "reference_url": "https://security.gentoo.org/glsa/202006-11", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202006-11" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12523?format=api", "purl": "pkg:pypi/ansible@2.7.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-833d-up6b-rfe1" }, { "vulnerability": "VCID-8u2v-jtqe-dqg3" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-cuq1-se5h-vygd" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-hpqa-ysnc-b7dw" }, { "vulnerability": "VCID-hs3w-mah1-ckb5" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" }, { "vulnerability": "VCID-pqj1-u787-g3aj" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" }, { "vulnerability": "VCID-ykkx-swgs-vybn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/14998?format=api", "purl": "pkg:pypi/ansible@2.8.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2z4k-r21v-rfgx" }, { "vulnerability": "VCID-5t77-f231-6ffg" }, { "vulnerability": "VCID-78m2-3fj5-tbh1" }, { "vulnerability": "VCID-7qnx-1gp2-v7bb" }, { "vulnerability": "VCID-833d-up6b-rfe1" }, { "vulnerability": "VCID-8u2v-jtqe-dqg3" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-cuq1-se5h-vygd" }, { "vulnerability": "VCID-cxts-25nq-4fcs" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-ec6s-8f24-9bh7" }, { "vulnerability": "VCID-etb4-2qch-6kgw" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-gxw4-ydnj-fkfe" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-hs3w-mah1-ckb5" }, { "vulnerability": "VCID-mbj9-3bnb-wbda" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" }, { "vulnerability": "VCID-pqj1-u787-g3aj" }, { "vulnerability": "VCID-subj-aje2-93bk" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" }, { "vulnerability": "VCID-w2n8-uxbb-k7f9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/15004?format=api", "purl": "pkg:pypi/ansible@2.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5t77-f231-6ffg" }, { "vulnerability": "VCID-78m2-3fj5-tbh1" }, { "vulnerability": "VCID-8u2v-jtqe-dqg3" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-cuq1-se5h-vygd" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-ec6s-8f24-9bh7" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-hs3w-mah1-ckb5" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" }, { "vulnerability": "VCID-pqj1-u787-g3aj" }, { "vulnerability": "VCID-ptg6-bwz8-pud8" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" }, { "vulnerability": "VCID-w2n8-uxbb-k7f9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6" } ], "aliases": [ "CVE-2020-1733", "GHSA-g4mq-6fp5-qwcf", "PYSEC-2020-5" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hq4d-92s2-vqg6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35519?format=api", "vulnerability_id": "VCID-mbj9-3bnb-wbda", "summary": "A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal. This issue is fixed in 2.10.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1737", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1737" }, { "reference_url": "https://github.com/advisories/GHSA-893h-35v4-mxqx", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-893h-35v4-mxqx" }, { "reference_url": "https://github.com/ansible/ansible/issues/67795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/issues/67795" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/" }, { "reference_url": "https://security.gentoo.org/glsa/202006-11", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202006-11" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12523?format=api", "purl": "pkg:pypi/ansible@2.7.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-833d-up6b-rfe1" }, { "vulnerability": "VCID-8u2v-jtqe-dqg3" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-cuq1-se5h-vygd" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-hpqa-ysnc-b7dw" }, { "vulnerability": "VCID-hs3w-mah1-ckb5" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" }, { "vulnerability": "VCID-pqj1-u787-g3aj" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" }, { "vulnerability": "VCID-ykkx-swgs-vybn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/15003?format=api", "purl": "pkg:pypi/ansible@2.8.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5t77-f231-6ffg" }, { "vulnerability": "VCID-78m2-3fj5-tbh1" }, { "vulnerability": "VCID-833d-up6b-rfe1" }, { "vulnerability": "VCID-8u2v-jtqe-dqg3" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-cuq1-se5h-vygd" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-ec6s-8f24-9bh7" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-hs3w-mah1-ckb5" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" }, { "vulnerability": "VCID-pqj1-u787-g3aj" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" }, { "vulnerability": "VCID-w2n8-uxbb-k7f9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/15004?format=api", "purl": "pkg:pypi/ansible@2.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5t77-f231-6ffg" }, { "vulnerability": "VCID-78m2-3fj5-tbh1" }, { "vulnerability": "VCID-8u2v-jtqe-dqg3" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-cuq1-se5h-vygd" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-ec6s-8f24-9bh7" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-hs3w-mah1-ckb5" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" }, { "vulnerability": "VCID-pqj1-u787-g3aj" }, { "vulnerability": "VCID-ptg6-bwz8-pud8" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" }, { "vulnerability": "VCID-w2n8-uxbb-k7f9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6" } ], "aliases": [ "CVE-2020-1737", "GHSA-893h-35v4-mxqx", "PYSEC-2020-9" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mbj9-3bnb-wbda" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35809?format=api", "vulnerability_id": "VCID-p4p5-29r5-8qh9", "summary": "A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813" }, { "reference_url": "https://github.com/advisories/GHSA-8f4m-hccc-8qph", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8f4m-hccc-8qph" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18244?format=api", "purl": "pkg:pypi/ansible@2.8.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-833d-up6b-rfe1" }, { "vulnerability": "VCID-8u2v-jtqe-dqg3" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-pqj1-u787-g3aj" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/18263?format=api", "purl": "pkg:pypi/ansible@2.9.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8u2v-jtqe-dqg3" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/22088?format=api", "purl": "pkg:pypi/ansible@2.10.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hjc4-jcfm-7be5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.7" } ], "aliases": [ "CVE-2021-20191", "GHSA-8f4m-hccc-8qph", "PYSEC-2021-124" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p4p5-29r5-8qh9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35808?format=api", "vulnerability_id": "VCID-pqj1-u787-g3aj", "summary": "A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1914774", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1914774" }, { "reference_url": "https://github.com/advisories/GHSA-wv5p-gmmv-wh9v", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-wv5p-gmmv-wh9v" }, { "reference_url": "https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes,", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes," }, { "reference_url": "https://github.com/ansible-collections/community.general/pull/1635,", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible-collections/community.general/pull/1635," }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18263?format=api", "purl": "pkg:pypi/ansible@2.9.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8u2v-jtqe-dqg3" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.18" } ], "aliases": [ "CVE-2021-20178", "GHSA-wv5p-gmmv-wh9v", "PYSEC-2021-106" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pqj1-u787-g3aj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35531?format=api", "vulnerability_id": "VCID-subj-aje2-93bk", "summary": "A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1738", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1738" }, { "reference_url": "https://github.com/advisories/GHSA-f85h-23mf-2fwh", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-f85h-23mf-2fwh" }, { "reference_url": "https://github.com/ansible/ansible/issues/67796", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/issues/67796" }, { "reference_url": "https://security.gentoo.org/glsa/202006-11", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202006-11" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12523?format=api", "purl": "pkg:pypi/ansible@2.7.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-833d-up6b-rfe1" }, { "vulnerability": "VCID-8u2v-jtqe-dqg3" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-cuq1-se5h-vygd" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-hpqa-ysnc-b7dw" }, { "vulnerability": "VCID-hs3w-mah1-ckb5" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" }, { "vulnerability": "VCID-pqj1-u787-g3aj" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" }, { "vulnerability": "VCID-ykkx-swgs-vybn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/15003?format=api", "purl": "pkg:pypi/ansible@2.8.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5t77-f231-6ffg" }, { "vulnerability": "VCID-78m2-3fj5-tbh1" }, { "vulnerability": "VCID-833d-up6b-rfe1" }, { "vulnerability": "VCID-8u2v-jtqe-dqg3" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-cuq1-se5h-vygd" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-ec6s-8f24-9bh7" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-hs3w-mah1-ckb5" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" }, { "vulnerability": "VCID-pqj1-u787-g3aj" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" }, { "vulnerability": "VCID-w2n8-uxbb-k7f9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/15004?format=api", "purl": "pkg:pypi/ansible@2.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5t77-f231-6ffg" }, { "vulnerability": "VCID-78m2-3fj5-tbh1" }, { "vulnerability": "VCID-8u2v-jtqe-dqg3" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-cuq1-se5h-vygd" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-ec6s-8f24-9bh7" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-hs3w-mah1-ckb5" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" }, { "vulnerability": "VCID-pqj1-u787-g3aj" }, { "vulnerability": "VCID-ptg6-bwz8-pud8" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" }, { "vulnerability": "VCID-w2n8-uxbb-k7f9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6" } ], "aliases": [ "CVE-2020-1738", "GHSA-f85h-23mf-2fwh", "PYSEC-2020-10" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-subj-aje2-93bk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35617?format=api", "vulnerability_id": "VCID-vhxq-1hqq-77bx", "summary": "An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14330" }, { "reference_url": "https://github.com/advisories/GHSA-785x-qw4v-6872", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-785x-qw4v-6872" }, { "reference_url": "https://github.com/ansible/ansible/issues/68400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/issues/68400" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18294?format=api", "purl": "pkg:pypi/ansible@2.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2z4k-r21v-rfgx" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.0" } ], "aliases": [ "CVE-2020-14330", "GHSA-785x-qw4v-6872", "PYSEC-2020-3" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vhxq-1hqq-77bx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35607?format=api", "vulnerability_id": "VCID-vsv2-4d8c-m3g1", "summary": "A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1776944", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1776944" }, { "reference_url": "https://github.com/advisories/GHSA-gwr8-5j83-483c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-gwr8-5j83-483c" }, { "reference_url": "https://github.com/ansible/ansible/pull/65686", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/pull/65686" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12521?format=api", "purl": "pkg:pypi/ansible@2.7.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2z4k-r21v-rfgx" }, { "vulnerability": "VCID-78m2-3fj5-tbh1" }, { "vulnerability": "VCID-7qnx-1gp2-v7bb" }, { "vulnerability": "VCID-833d-up6b-rfe1" }, { "vulnerability": "VCID-8u2v-jtqe-dqg3" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-cuq1-se5h-vygd" }, { "vulnerability": "VCID-cxts-25nq-4fcs" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-etb4-2qch-6kgw" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-gxw4-ydnj-fkfe" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-hpqa-ysnc-b7dw" }, { "vulnerability": "VCID-hq4d-92s2-vqg6" }, { "vulnerability": "VCID-hs3w-mah1-ckb5" }, { "vulnerability": "VCID-mbj9-3bnb-wbda" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" }, { "vulnerability": "VCID-pqj1-u787-g3aj" }, { "vulnerability": "VCID-qztj-r7zc-jue3" }, { "vulnerability": "VCID-subj-aje2-93bk" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" }, { "vulnerability": "VCID-w2n8-uxbb-k7f9" }, { "vulnerability": "VCID-x4mr-vrp9-ufg6" }, { "vulnerability": "VCID-ykkx-swgs-vybn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/14785?format=api", "purl": "pkg:pypi/ansible@2.8.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2z4k-r21v-rfgx" }, { "vulnerability": "VCID-5t77-f231-6ffg" }, { "vulnerability": "VCID-78m2-3fj5-tbh1" }, { "vulnerability": "VCID-7qnx-1gp2-v7bb" }, { "vulnerability": "VCID-833d-up6b-rfe1" }, { "vulnerability": "VCID-8u2v-jtqe-dqg3" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-cuq1-se5h-vygd" }, { "vulnerability": "VCID-cxts-25nq-4fcs" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-ec6s-8f24-9bh7" }, { "vulnerability": "VCID-etb4-2qch-6kgw" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-gxw4-ydnj-fkfe" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-hq4d-92s2-vqg6" }, { "vulnerability": "VCID-hs3w-mah1-ckb5" }, { "vulnerability": "VCID-mbj9-3bnb-wbda" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" }, { "vulnerability": "VCID-pqj1-u787-g3aj" }, { "vulnerability": "VCID-qztj-r7zc-jue3" }, { "vulnerability": "VCID-subj-aje2-93bk" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" }, { "vulnerability": "VCID-w2n8-uxbb-k7f9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/14999?format=api", "purl": "pkg:pypi/ansible@2.9.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2z4k-r21v-rfgx" }, { "vulnerability": "VCID-5t77-f231-6ffg" }, { "vulnerability": "VCID-78m2-3fj5-tbh1" }, { "vulnerability": "VCID-7qnx-1gp2-v7bb" }, { "vulnerability": "VCID-833d-up6b-rfe1" }, { "vulnerability": "VCID-8u2v-jtqe-dqg3" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-cuq1-se5h-vygd" }, { "vulnerability": "VCID-cxts-25nq-4fcs" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-ec6s-8f24-9bh7" }, { "vulnerability": "VCID-etb4-2qch-6kgw" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-gxw4-ydnj-fkfe" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-hq4d-92s2-vqg6" }, { "vulnerability": "VCID-hs3w-mah1-ckb5" }, { "vulnerability": "VCID-mbj9-3bnb-wbda" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" }, { "vulnerability": "VCID-pqj1-u787-g3aj" }, { "vulnerability": "VCID-ptg6-bwz8-pud8" }, { "vulnerability": "VCID-qztj-r7zc-jue3" }, { "vulnerability": "VCID-subj-aje2-93bk" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" }, { "vulnerability": "VCID-w2n8-uxbb-k7f9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.2" } ], "aliases": [ "CVE-2019-14904", "GHSA-gwr8-5j83-483c", "PYSEC-2020-161" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vsv2-4d8c-m3g1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35516?format=api", "vulnerability_id": "VCID-x4mr-vrp9-ufg6", "summary": "A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHBA-2020:0547", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHBA-2020:0547" }, { "reference_url": "https://access.redhat.com/errata/RHBA-2020:1539", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHBA-2020:1539" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801804", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801804" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1734", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1734" }, { "reference_url": "https://github.com/advisories/GHSA-h39q-95q5-9jfp", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-h39q-95q5-9jfp" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/commit/4f978af4ca16ad9828ffe42203b9615425195f8b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/4f978af4ca16ad9828ffe42203b9615425195f8b" }, { "reference_url": "https://github.com/ansible/ansible/commit/963bdd9983b91a48fb6949fb2ef41071e72d0be0", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/963bdd9983b91a48fb6949fb2ef41071e72d0be0" }, { "reference_url": "https://github.com/ansible/ansible/commit/bff0724e9eab2770f874e018298f9ab74cc2a78f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/bff0724e9eab2770f874e018298f9ab74cc2a78f" }, { "reference_url": "https://github.com/ansible/ansible/commit/e5649ca3e807f17e7c034ee22791f107162973b0", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/e5649ca3e807f17e7c034ee22791f107162973b0" }, { "reference_url": "https://github.com/ansible/ansible/issues/67792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/issues/67792" }, { "reference_url": "https://github.com/ansible/ansible/issues/70159", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/issues/70159" }, { "reference_url": "https://github.com/ansible/ansible/pull/70596", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/pull/70596" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-6.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-6.yaml" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2020-1734", "reference_id": "CVE-2020-1734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/security/cve/CVE-2020-1734" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1734", "reference_id": "CVE-2020-1734", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1734" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12523?format=api", "purl": "pkg:pypi/ansible@2.7.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-833d-up6b-rfe1" }, { "vulnerability": "VCID-8u2v-jtqe-dqg3" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-cuq1-se5h-vygd" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-hpqa-ysnc-b7dw" }, { "vulnerability": "VCID-hs3w-mah1-ckb5" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" }, { "vulnerability": "VCID-pqj1-u787-g3aj" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" }, { "vulnerability": "VCID-ykkx-swgs-vybn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/15577?format=api", "purl": "pkg:pypi/ansible@2.8.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5t77-f231-6ffg" }, { "vulnerability": "VCID-833d-up6b-rfe1" }, { "vulnerability": "VCID-8u2v-jtqe-dqg3" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-ec6s-8f24-9bh7" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" }, { "vulnerability": "VCID-pqj1-u787-g3aj" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/18233?format=api", "purl": "pkg:pypi/ansible@2.9.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5t77-f231-6ffg" }, { "vulnerability": "VCID-8u2v-jtqe-dqg3" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-ec6s-8f24-9bh7" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" }, { "vulnerability": "VCID-pqj1-u787-g3aj" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/18293?format=api", "purl": "pkg:pypi/ansible@2.10.0rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.0rc1" } ], "aliases": [ "CVE-2020-1734", "GHSA-h39q-95q5-9jfp", "PYSEC-2020-6" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x4mr-vrp9-ufg6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35423?format=api", "vulnerability_id": "VCID-ykkx-swgs-vybn", "summary": "A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name to the module will cause the task to fail before the no_log options in the sub parameters are processed. As a result, data in the sub parameter fields will not be masked and will be displayed if Ansible is run with increased verbosity and present in the module invocation arguments for the task.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3201", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3201" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3202", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3202" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3203", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3203" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3207", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3207" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0756" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14858", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14858" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12532?format=api", "purl": "pkg:pypi/ansible@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sty-hqbq-63hy" }, { "vulnerability": "VCID-2z4k-r21v-rfgx" }, { "vulnerability": "VCID-5t77-f231-6ffg" }, { "vulnerability": "VCID-78m2-3fj5-tbh1" }, { "vulnerability": "VCID-7ben-361w-tkdr" }, { "vulnerability": "VCID-7qnx-1gp2-v7bb" }, { "vulnerability": "VCID-833d-up6b-rfe1" }, { "vulnerability": "VCID-8u2v-jtqe-dqg3" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-cuq1-se5h-vygd" }, { "vulnerability": "VCID-cxts-25nq-4fcs" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-ec6s-8f24-9bh7" }, { "vulnerability": "VCID-etb4-2qch-6kgw" }, { "vulnerability": "VCID-frk2-9jfm-cybm" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-gxw4-ydnj-fkfe" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-hq4d-92s2-vqg6" }, { "vulnerability": "VCID-hs3w-mah1-ckb5" }, { "vulnerability": "VCID-k8a2-5yfh-j7gp" }, { "vulnerability": "VCID-mbj9-3bnb-wbda" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" }, { "vulnerability": "VCID-pqj1-u787-g3aj" }, { "vulnerability": "VCID-qztj-r7zc-jue3" }, { "vulnerability": "VCID-subj-aje2-93bk" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" }, { "vulnerability": "VCID-vsv2-4d8c-m3g1" }, { "vulnerability": "VCID-vxkb-9p6a-5yan" }, { "vulnerability": "VCID-w1ap-atw2-qbc8" }, { "vulnerability": "VCID-w2n8-uxbb-k7f9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.1" } ], "aliases": [ "CVE-2019-14858", "PYSEC-2019-171" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ykkx-swgs-vybn" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35418?format=api", "vulnerability_id": "VCID-1sty-hqbq-63hy", "summary": "In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3201", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3201" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3202", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3202" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3203", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3203" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3207", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3207" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0756" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14846", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14846" }, { "reference_url": "https://github.com/ansible/ansible/pull/63366", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/pull/63366" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/14349?format=api", "purl": "pkg:pypi/ansible@2.6.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2z4k-r21v-rfgx" }, { "vulnerability": "VCID-7qnx-1gp2-v7bb" }, { "vulnerability": "VCID-833d-up6b-rfe1" }, { "vulnerability": "VCID-8u2v-jtqe-dqg3" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-cuq1-se5h-vygd" }, { "vulnerability": "VCID-cxts-25nq-4fcs" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-gxw4-ydnj-fkfe" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-hq4d-92s2-vqg6" }, { "vulnerability": "VCID-mbj9-3bnb-wbda" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" }, { "vulnerability": "VCID-pqj1-u787-g3aj" }, { "vulnerability": "VCID-subj-aje2-93bk" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" }, { "vulnerability": "VCID-vsv2-4d8c-m3g1" }, { "vulnerability": "VCID-x4mr-vrp9-ufg6" }, { "vulnerability": "VCID-ykkx-swgs-vybn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.6.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/12520?format=api", "purl": "pkg:pypi/ansible@2.7.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2z4k-r21v-rfgx" }, { "vulnerability": "VCID-78m2-3fj5-tbh1" }, { "vulnerability": "VCID-7ben-361w-tkdr" }, { "vulnerability": "VCID-7qnx-1gp2-v7bb" }, { "vulnerability": "VCID-833d-up6b-rfe1" }, { "vulnerability": "VCID-8u2v-jtqe-dqg3" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-cuq1-se5h-vygd" }, { "vulnerability": "VCID-cxts-25nq-4fcs" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-etb4-2qch-6kgw" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-gxw4-ydnj-fkfe" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-hpqa-ysnc-b7dw" }, { "vulnerability": "VCID-hq4d-92s2-vqg6" }, { "vulnerability": "VCID-hs3w-mah1-ckb5" }, { "vulnerability": "VCID-mbj9-3bnb-wbda" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" }, { "vulnerability": "VCID-pqj1-u787-g3aj" }, { "vulnerability": "VCID-qztj-r7zc-jue3" }, { "vulnerability": "VCID-subj-aje2-93bk" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" }, { "vulnerability": "VCID-vsv2-4d8c-m3g1" }, { "vulnerability": "VCID-w2n8-uxbb-k7f9" }, { "vulnerability": "VCID-x4mr-vrp9-ufg6" }, { "vulnerability": "VCID-ykkx-swgs-vybn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/14350?format=api", "purl": "pkg:pypi/ansible@2.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2z4k-r21v-rfgx" }, { "vulnerability": "VCID-5t77-f231-6ffg" }, { "vulnerability": "VCID-78m2-3fj5-tbh1" }, { "vulnerability": "VCID-7ben-361w-tkdr" }, { "vulnerability": "VCID-7qnx-1gp2-v7bb" }, { "vulnerability": "VCID-833d-up6b-rfe1" }, { "vulnerability": "VCID-8u2v-jtqe-dqg3" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-cuq1-se5h-vygd" }, { "vulnerability": "VCID-cxts-25nq-4fcs" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-ec6s-8f24-9bh7" }, { "vulnerability": "VCID-etb4-2qch-6kgw" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-gxw4-ydnj-fkfe" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-hq4d-92s2-vqg6" }, { "vulnerability": "VCID-hs3w-mah1-ckb5" }, { "vulnerability": "VCID-mbj9-3bnb-wbda" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" }, { "vulnerability": "VCID-pqj1-u787-g3aj" }, { "vulnerability": "VCID-qztj-r7zc-jue3" }, { "vulnerability": "VCID-subj-aje2-93bk" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" }, { "vulnerability": "VCID-vsv2-4d8c-m3g1" }, { "vulnerability": "VCID-w2n8-uxbb-k7f9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.6" } ], "aliases": [ "CVE-2019-14846", "PYSEC-2019-4" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1sty-hqbq-63hy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35447?format=api", "vulnerability_id": "VCID-frk2-9jfm-cybm", "summary": "ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0756" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14856", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14856" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/14349?format=api", "purl": "pkg:pypi/ansible@2.6.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2z4k-r21v-rfgx" }, { "vulnerability": "VCID-7qnx-1gp2-v7bb" }, { "vulnerability": "VCID-833d-up6b-rfe1" }, { "vulnerability": "VCID-8u2v-jtqe-dqg3" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-cuq1-se5h-vygd" }, { "vulnerability": "VCID-cxts-25nq-4fcs" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-gxw4-ydnj-fkfe" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-hq4d-92s2-vqg6" }, { "vulnerability": "VCID-mbj9-3bnb-wbda" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" }, { "vulnerability": "VCID-pqj1-u787-g3aj" }, { "vulnerability": "VCID-subj-aje2-93bk" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" }, { "vulnerability": "VCID-vsv2-4d8c-m3g1" }, { "vulnerability": "VCID-x4mr-vrp9-ufg6" }, { "vulnerability": "VCID-ykkx-swgs-vybn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.6.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/12520?format=api", "purl": "pkg:pypi/ansible@2.7.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2z4k-r21v-rfgx" }, { "vulnerability": "VCID-78m2-3fj5-tbh1" }, { "vulnerability": "VCID-7ben-361w-tkdr" }, { "vulnerability": "VCID-7qnx-1gp2-v7bb" }, { "vulnerability": "VCID-833d-up6b-rfe1" }, { "vulnerability": "VCID-8u2v-jtqe-dqg3" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-cuq1-se5h-vygd" }, { "vulnerability": "VCID-cxts-25nq-4fcs" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-etb4-2qch-6kgw" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-gxw4-ydnj-fkfe" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-hpqa-ysnc-b7dw" }, { "vulnerability": "VCID-hq4d-92s2-vqg6" }, { "vulnerability": "VCID-hs3w-mah1-ckb5" }, { "vulnerability": "VCID-mbj9-3bnb-wbda" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" }, { "vulnerability": "VCID-pqj1-u787-g3aj" }, { "vulnerability": "VCID-qztj-r7zc-jue3" }, { "vulnerability": "VCID-subj-aje2-93bk" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" }, { "vulnerability": "VCID-vsv2-4d8c-m3g1" }, { "vulnerability": "VCID-w2n8-uxbb-k7f9" }, { "vulnerability": "VCID-x4mr-vrp9-ufg6" }, { "vulnerability": "VCID-ykkx-swgs-vybn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/14350?format=api", "purl": "pkg:pypi/ansible@2.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2z4k-r21v-rfgx" }, { "vulnerability": "VCID-5t77-f231-6ffg" }, { "vulnerability": "VCID-78m2-3fj5-tbh1" }, { "vulnerability": "VCID-7ben-361w-tkdr" }, { "vulnerability": "VCID-7qnx-1gp2-v7bb" }, { "vulnerability": "VCID-833d-up6b-rfe1" }, { "vulnerability": "VCID-8u2v-jtqe-dqg3" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-cuq1-se5h-vygd" }, { "vulnerability": "VCID-cxts-25nq-4fcs" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-ec6s-8f24-9bh7" }, { "vulnerability": "VCID-etb4-2qch-6kgw" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-gxw4-ydnj-fkfe" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-hq4d-92s2-vqg6" }, { "vulnerability": "VCID-hs3w-mah1-ckb5" }, { "vulnerability": "VCID-mbj9-3bnb-wbda" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" }, { "vulnerability": "VCID-pqj1-u787-g3aj" }, { "vulnerability": "VCID-qztj-r7zc-jue3" }, { "vulnerability": "VCID-subj-aje2-93bk" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" }, { "vulnerability": "VCID-vsv2-4d8c-m3g1" }, { "vulnerability": "VCID-w2n8-uxbb-k7f9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.6" } ], "aliases": [ "CVE-2019-14856", "PYSEC-2019-146" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-frk2-9jfm-cybm" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.6.20" }