Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/ansible@2.7.0rc3
Typepypi
Namespace
Nameansible
Version2.7.0rc3
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.0.0
Latest_non_vulnerable_version12.0.0
Affected_by_vulnerabilities
0
url VCID-2z4k-r21v-rfgx
vulnerability_id VCID-2z4k-r21v-rfgx
summary A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This could lead to the disclosure of sensitive data. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1736
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1736
1
reference_url https://github.com/advisories/GHSA-x7jh-595q-wq82
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-x7jh-595q-wq82
2
reference_url https://github.com/ansible/ansible
reference_id
reference_type
scores
url https://github.com/ansible/ansible
3
reference_url https://github.com/ansible/ansible/issues/67794
reference_id
reference_type
scores
url https://github.com/ansible/ansible/issues/67794
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-8.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-8.yaml
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD/
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7/
9
reference_url https://security.gentoo.org/glsa/202006-11
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202006-11
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1736
reference_id CVE-2020-1736
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-1736
fixed_packages
0
url pkg:pypi/ansible@2.7.17
purl pkg:pypi/ansible@2.7.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-833d-up6b-rfe1
1
vulnerability VCID-8u2v-jtqe-dqg3
2
vulnerability VCID-am9g-ba4h-sfhr
3
vulnerability VCID-cuq1-se5h-vygd
4
vulnerability VCID-dkds-s3ad-cufa
5
vulnerability VCID-gm99-68bj-c3cz
6
vulnerability VCID-hjc4-jcfm-7be5
7
vulnerability VCID-hpqa-ysnc-b7dw
8
vulnerability VCID-hs3w-mah1-ckb5
9
vulnerability VCID-p4p5-29r5-8qh9
10
vulnerability VCID-pqj1-u787-g3aj
11
vulnerability VCID-vhxq-1hqq-77bx
12
vulnerability VCID-ykkx-swgs-vybn
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17
1
url pkg:pypi/ansible@2.8.9
purl pkg:pypi/ansible@2.8.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5t77-f231-6ffg
1
vulnerability VCID-78m2-3fj5-tbh1
2
vulnerability VCID-833d-up6b-rfe1
3
vulnerability VCID-8u2v-jtqe-dqg3
4
vulnerability VCID-am9g-ba4h-sfhr
5
vulnerability VCID-cuq1-se5h-vygd
6
vulnerability VCID-dkds-s3ad-cufa
7
vulnerability VCID-ec6s-8f24-9bh7
8
vulnerability VCID-gm99-68bj-c3cz
9
vulnerability VCID-hjc4-jcfm-7be5
10
vulnerability VCID-hs3w-mah1-ckb5
11
vulnerability VCID-p4p5-29r5-8qh9
12
vulnerability VCID-pqj1-u787-g3aj
13
vulnerability VCID-vhxq-1hqq-77bx
14
vulnerability VCID-w2n8-uxbb-k7f9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9
2
url pkg:pypi/ansible@2.9.6
purl pkg:pypi/ansible@2.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5t77-f231-6ffg
1
vulnerability VCID-78m2-3fj5-tbh1
2
vulnerability VCID-8u2v-jtqe-dqg3
3
vulnerability VCID-am9g-ba4h-sfhr
4
vulnerability VCID-cuq1-se5h-vygd
5
vulnerability VCID-dkds-s3ad-cufa
6
vulnerability VCID-ec6s-8f24-9bh7
7
vulnerability VCID-gm99-68bj-c3cz
8
vulnerability VCID-hjc4-jcfm-7be5
9
vulnerability VCID-hs3w-mah1-ckb5
10
vulnerability VCID-p4p5-29r5-8qh9
11
vulnerability VCID-pqj1-u787-g3aj
12
vulnerability VCID-ptg6-bwz8-pud8
13
vulnerability VCID-vhxq-1hqq-77bx
14
vulnerability VCID-w2n8-uxbb-k7f9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6
aliases CVE-2020-1736, GHSA-x7jh-595q-wq82, PYSEC-2020-8
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2z4k-r21v-rfgx
1
url VCID-7qnx-1gp2-v7bb
vulnerability_id VCID-7qnx-1gp2-v7bb
summary A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1735
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1735
1
reference_url https://github.com/advisories/GHSA-gfr2-qpxh-qj9m
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-gfr2-qpxh-qj9m
2
reference_url https://github.com/ansible/ansible/issues/67793
reference_id
reference_type
scores
url https://github.com/ansible/ansible/issues/67793
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/
6
reference_url https://security.gentoo.org/glsa/202006-11
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202006-11
fixed_packages
0
url pkg:pypi/ansible@2.7.17
purl pkg:pypi/ansible@2.7.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-833d-up6b-rfe1
1
vulnerability VCID-8u2v-jtqe-dqg3
2
vulnerability VCID-am9g-ba4h-sfhr
3
vulnerability VCID-cuq1-se5h-vygd
4
vulnerability VCID-dkds-s3ad-cufa
5
vulnerability VCID-gm99-68bj-c3cz
6
vulnerability VCID-hjc4-jcfm-7be5
7
vulnerability VCID-hpqa-ysnc-b7dw
8
vulnerability VCID-hs3w-mah1-ckb5
9
vulnerability VCID-p4p5-29r5-8qh9
10
vulnerability VCID-pqj1-u787-g3aj
11
vulnerability VCID-vhxq-1hqq-77bx
12
vulnerability VCID-ykkx-swgs-vybn
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17
1
url pkg:pypi/ansible@2.8.9
purl pkg:pypi/ansible@2.8.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5t77-f231-6ffg
1
vulnerability VCID-78m2-3fj5-tbh1
2
vulnerability VCID-833d-up6b-rfe1
3
vulnerability VCID-8u2v-jtqe-dqg3
4
vulnerability VCID-am9g-ba4h-sfhr
5
vulnerability VCID-cuq1-se5h-vygd
6
vulnerability VCID-dkds-s3ad-cufa
7
vulnerability VCID-ec6s-8f24-9bh7
8
vulnerability VCID-gm99-68bj-c3cz
9
vulnerability VCID-hjc4-jcfm-7be5
10
vulnerability VCID-hs3w-mah1-ckb5
11
vulnerability VCID-p4p5-29r5-8qh9
12
vulnerability VCID-pqj1-u787-g3aj
13
vulnerability VCID-vhxq-1hqq-77bx
14
vulnerability VCID-w2n8-uxbb-k7f9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9
2
url pkg:pypi/ansible@2.9.6
purl pkg:pypi/ansible@2.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5t77-f231-6ffg
1
vulnerability VCID-78m2-3fj5-tbh1
2
vulnerability VCID-8u2v-jtqe-dqg3
3
vulnerability VCID-am9g-ba4h-sfhr
4
vulnerability VCID-cuq1-se5h-vygd
5
vulnerability VCID-dkds-s3ad-cufa
6
vulnerability VCID-ec6s-8f24-9bh7
7
vulnerability VCID-gm99-68bj-c3cz
8
vulnerability VCID-hjc4-jcfm-7be5
9
vulnerability VCID-hs3w-mah1-ckb5
10
vulnerability VCID-p4p5-29r5-8qh9
11
vulnerability VCID-pqj1-u787-g3aj
12
vulnerability VCID-ptg6-bwz8-pud8
13
vulnerability VCID-vhxq-1hqq-77bx
14
vulnerability VCID-w2n8-uxbb-k7f9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6
aliases CVE-2020-1735, GHSA-gfr2-qpxh-qj9m, PYSEC-2020-7
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7qnx-1gp2-v7bb
2
url VCID-833d-up6b-rfe1
vulnerability_id VCID-833d-up6b-rfe1
summary A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords are exposed at once for the file. This flaw affects Ansible Engine versions before 2.9.6.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1831089
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1831089
1
reference_url https://github.com/advisories/GHSA-r6h7-5pq2-j77h
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-r6h7-5pq2-j77h
2
reference_url https://github.com/ansible/ansible/issues/34144
reference_id
reference_type
scores
url https://github.com/ansible/ansible/issues/34144
fixed_packages
0
url pkg:pypi/ansible@2.9.6
purl pkg:pypi/ansible@2.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5t77-f231-6ffg
1
vulnerability VCID-78m2-3fj5-tbh1
2
vulnerability VCID-8u2v-jtqe-dqg3
3
vulnerability VCID-am9g-ba4h-sfhr
4
vulnerability VCID-cuq1-se5h-vygd
5
vulnerability VCID-dkds-s3ad-cufa
6
vulnerability VCID-ec6s-8f24-9bh7
7
vulnerability VCID-gm99-68bj-c3cz
8
vulnerability VCID-hjc4-jcfm-7be5
9
vulnerability VCID-hs3w-mah1-ckb5
10
vulnerability VCID-p4p5-29r5-8qh9
11
vulnerability VCID-pqj1-u787-g3aj
12
vulnerability VCID-ptg6-bwz8-pud8
13
vulnerability VCID-vhxq-1hqq-77bx
14
vulnerability VCID-w2n8-uxbb-k7f9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6
aliases CVE-2020-10729, GHSA-r6h7-5pq2-j77h, PYSEC-2021-105
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-833d-up6b-rfe1
3
url VCID-8u2v-jtqe-dqg3
vulnerability_id VCID-8u2v-jtqe-dqg3
summary A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1925002
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1925002
1
reference_url https://github.com/advisories/GHSA-5rrg-rr89-x9mv
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-5rrg-rr89-x9mv
2
reference_url https://github.com/ansible/ansible/pull/73487
reference_id
reference_type
scores
url https://github.com/ansible/ansible/pull/73487
fixed_packages
0
url pkg:pypi/ansible@2.9.19
purl pkg:pypi/ansible@2.9.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-am9g-ba4h-sfhr
1
vulnerability VCID-dkds-s3ad-cufa
2
vulnerability VCID-gm99-68bj-c3cz
3
vulnerability VCID-hjc4-jcfm-7be5
4
vulnerability VCID-vhxq-1hqq-77bx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.19
aliases CVE-2021-20228, GHSA-5rrg-rr89-x9mv, PYSEC-2021-1
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8u2v-jtqe-dqg3
4
url VCID-am9g-ba4h-sfhr
vulnerability_id VCID-am9g-ba4h-sfhr
summary A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. This issue affects directly data confidentiality.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25635
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25635
1
reference_url https://github.com/ansible/ansible
reference_id
reference_type
scores
url https://github.com/ansible/ansible
2
reference_url https://github.com/ansible-collections/community.aws/issues/222
reference_id
reference_type
scores
url https://github.com/ansible-collections/community.aws/issues/222
3
reference_url https://github.com/ansible-collections/community.aws/pull/237#issuecomment-1468591094
reference_id
reference_type
scores
url https://github.com/ansible-collections/community.aws/pull/237#issuecomment-1468591094
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-220.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-220.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-25635
reference_id CVE-2020-25635
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-25635
6
reference_url https://github.com/advisories/GHSA-f556-49jc-4rvc
reference_id GHSA-f556-49jc-4rvc
reference_type
scores
url https://github.com/advisories/GHSA-f556-49jc-4rvc
fixed_packages
0
url pkg:pypi/ansible@2.10.1
purl pkg:pypi/ansible@2.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hjc4-jcfm-7be5
1
vulnerability VCID-p4p5-29r5-8qh9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.1
aliases CVE-2020-25635, GHSA-f556-49jc-4rvc, PYSEC-2020-220
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-am9g-ba4h-sfhr
5
url VCID-cuq1-se5h-vygd
vulnerability_id VCID-cuq1-se5h-vygd
summary A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. Sensitive parameters such as passwords and tokens are passed to kubectl from the command line, not using an environment variable or an input configuration file. This will disclose passwords and tokens from process list and no_log directive from debug module would not have any effect making these secrets being disclosed on stdout and log files.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1753
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1753
1
reference_url https://github.com/advisories/GHSA-86hp-cj9j-33vv
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-86hp-cj9j-33vv
2
reference_url https://github.com/ansible-collections/kubernetes/pull/51
reference_id
reference_type
scores
url https://github.com/ansible-collections/kubernetes/pull/51
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/
6
reference_url https://security.gentoo.org/glsa/202006-11
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202006-11
fixed_packages
0
url pkg:pypi/ansible@2.7.18
purl pkg:pypi/ansible@2.7.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-833d-up6b-rfe1
1
vulnerability VCID-8u2v-jtqe-dqg3
2
vulnerability VCID-am9g-ba4h-sfhr
3
vulnerability VCID-dkds-s3ad-cufa
4
vulnerability VCID-gm99-68bj-c3cz
5
vulnerability VCID-hjc4-jcfm-7be5
6
vulnerability VCID-hpqa-ysnc-b7dw
7
vulnerability VCID-hs3w-mah1-ckb5
8
vulnerability VCID-p4p5-29r5-8qh9
9
vulnerability VCID-pqj1-u787-g3aj
10
vulnerability VCID-vhxq-1hqq-77bx
11
vulnerability VCID-ykkx-swgs-vybn
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.18
1
url pkg:pypi/ansible@2.8.11
purl pkg:pypi/ansible@2.8.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5t77-f231-6ffg
1
vulnerability VCID-833d-up6b-rfe1
2
vulnerability VCID-8u2v-jtqe-dqg3
3
vulnerability VCID-am9g-ba4h-sfhr
4
vulnerability VCID-dkds-s3ad-cufa
5
vulnerability VCID-ec6s-8f24-9bh7
6
vulnerability VCID-gm99-68bj-c3cz
7
vulnerability VCID-hjc4-jcfm-7be5
8
vulnerability VCID-hs3w-mah1-ckb5
9
vulnerability VCID-p4p5-29r5-8qh9
10
vulnerability VCID-pqj1-u787-g3aj
11
vulnerability VCID-vhxq-1hqq-77bx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.11
2
url pkg:pypi/ansible@2.9.7
purl pkg:pypi/ansible@2.9.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5t77-f231-6ffg
1
vulnerability VCID-8u2v-jtqe-dqg3
2
vulnerability VCID-am9g-ba4h-sfhr
3
vulnerability VCID-dkds-s3ad-cufa
4
vulnerability VCID-ec6s-8f24-9bh7
5
vulnerability VCID-gm99-68bj-c3cz
6
vulnerability VCID-hjc4-jcfm-7be5
7
vulnerability VCID-hs3w-mah1-ckb5
8
vulnerability VCID-p4p5-29r5-8qh9
9
vulnerability VCID-pqj1-u787-g3aj
10
vulnerability VCID-vhxq-1hqq-77bx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.7
aliases CVE-2020-1753, GHSA-86hp-cj9j-33vv, PYSEC-2020-210
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cuq1-se5h-vygd
6
url VCID-cxts-25nq-4fcs
vulnerability_id VCID-cxts-25nq-4fcs
summary A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1740
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1740
1
reference_url https://github.com/advisories/GHSA-vcg8-98q8-g7mj
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-vcg8-98q8-g7mj
2
reference_url https://github.com/ansible/ansible/issues/67798
reference_id
reference_type
scores
url https://github.com/ansible/ansible/issues/67798
3
reference_url https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/
7
reference_url https://security.gentoo.org/glsa/202006-11
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202006-11
fixed_packages
0
url pkg:pypi/ansible@2.7.17
purl pkg:pypi/ansible@2.7.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-833d-up6b-rfe1
1
vulnerability VCID-8u2v-jtqe-dqg3
2
vulnerability VCID-am9g-ba4h-sfhr
3
vulnerability VCID-cuq1-se5h-vygd
4
vulnerability VCID-dkds-s3ad-cufa
5
vulnerability VCID-gm99-68bj-c3cz
6
vulnerability VCID-hjc4-jcfm-7be5
7
vulnerability VCID-hpqa-ysnc-b7dw
8
vulnerability VCID-hs3w-mah1-ckb5
9
vulnerability VCID-p4p5-29r5-8qh9
10
vulnerability VCID-pqj1-u787-g3aj
11
vulnerability VCID-vhxq-1hqq-77bx
12
vulnerability VCID-ykkx-swgs-vybn
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17
1
url pkg:pypi/ansible@2.8.9
purl pkg:pypi/ansible@2.8.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5t77-f231-6ffg
1
vulnerability VCID-78m2-3fj5-tbh1
2
vulnerability VCID-833d-up6b-rfe1
3
vulnerability VCID-8u2v-jtqe-dqg3
4
vulnerability VCID-am9g-ba4h-sfhr
5
vulnerability VCID-cuq1-se5h-vygd
6
vulnerability VCID-dkds-s3ad-cufa
7
vulnerability VCID-ec6s-8f24-9bh7
8
vulnerability VCID-gm99-68bj-c3cz
9
vulnerability VCID-hjc4-jcfm-7be5
10
vulnerability VCID-hs3w-mah1-ckb5
11
vulnerability VCID-p4p5-29r5-8qh9
12
vulnerability VCID-pqj1-u787-g3aj
13
vulnerability VCID-vhxq-1hqq-77bx
14
vulnerability VCID-w2n8-uxbb-k7f9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9
2
url pkg:pypi/ansible@2.9.6
purl pkg:pypi/ansible@2.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5t77-f231-6ffg
1
vulnerability VCID-78m2-3fj5-tbh1
2
vulnerability VCID-8u2v-jtqe-dqg3
3
vulnerability VCID-am9g-ba4h-sfhr
4
vulnerability VCID-cuq1-se5h-vygd
5
vulnerability VCID-dkds-s3ad-cufa
6
vulnerability VCID-ec6s-8f24-9bh7
7
vulnerability VCID-gm99-68bj-c3cz
8
vulnerability VCID-hjc4-jcfm-7be5
9
vulnerability VCID-hs3w-mah1-ckb5
10
vulnerability VCID-p4p5-29r5-8qh9
11
vulnerability VCID-pqj1-u787-g3aj
12
vulnerability VCID-ptg6-bwz8-pud8
13
vulnerability VCID-vhxq-1hqq-77bx
14
vulnerability VCID-w2n8-uxbb-k7f9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6
aliases CVE-2020-1740, GHSA-vcg8-98q8-g7mj, PYSEC-2020-12
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cxts-25nq-4fcs
7
url VCID-dkds-s3ad-cufa
vulnerability_id VCID-dkds-s3ad-cufa
summary information disclosure
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1975767
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1975767
1
reference_url https://github.com/advisories/GHSA-4r65-35qq-ch8j
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-4r65-35qq-ch8j
2
reference_url https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes
reference_id
reference_type
scores
url https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes
3
reference_url https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0
reference_id
reference_type
scores
url https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0
4
reference_url https://security.archlinux.org/AVG-1941
reference_id AVG-1941
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1941
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3620
reference_id CVE-2021-3620
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-3620
fixed_packages
0
url pkg:pypi/ansible@2.9.27
purl pkg:pypi/ansible@2.9.27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-am9g-ba4h-sfhr
1
vulnerability VCID-hjc4-jcfm-7be5
2
vulnerability VCID-vhxq-1hqq-77bx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.27
aliases CVE-2021-3620, GHSA-4r65-35qq-ch8j, PYSEC-2022-164
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dkds-s3ad-cufa
8
url VCID-gm99-68bj-c3cz
vulnerability_id VCID-gm99-68bj-c3cz
summary arbitrary command execution
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1968412
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1968412
1
reference_url https://github.com/advisories/GHSA-2pfh-q76x-gwvm
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-2pfh-q76x-gwvm
2
reference_url https://security.archlinux.org/AVG-2260
reference_id AVG-2260
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2260
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3583
reference_id CVE-2021-3583
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-3583
fixed_packages
0
url pkg:pypi/ansible@2.9.23
purl pkg:pypi/ansible@2.9.23
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-am9g-ba4h-sfhr
1
vulnerability VCID-dkds-s3ad-cufa
2
vulnerability VCID-hjc4-jcfm-7be5
3
vulnerability VCID-vhxq-1hqq-77bx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.23
aliases CVE-2021-3583, GHSA-2pfh-q76x-gwvm, PYSEC-2021-358
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gm99-68bj-c3cz
9
url VCID-gxw4-ydnj-fkfe
vulnerability_id VCID-gxw4-ydnj-fkfe
summary A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1739
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1739
1
reference_url https://github.com/advisories/GHSA-923p-fr2c-g5m2
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-923p-fr2c-g5m2
2
reference_url https://github.com/ansible/ansible/issues/67797
reference_id
reference_type
scores
url https://github.com/ansible/ansible/issues/67797
3
reference_url https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/
fixed_packages
0
url pkg:pypi/ansible@2.7.17
purl pkg:pypi/ansible@2.7.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-833d-up6b-rfe1
1
vulnerability VCID-8u2v-jtqe-dqg3
2
vulnerability VCID-am9g-ba4h-sfhr
3
vulnerability VCID-cuq1-se5h-vygd
4
vulnerability VCID-dkds-s3ad-cufa
5
vulnerability VCID-gm99-68bj-c3cz
6
vulnerability VCID-hjc4-jcfm-7be5
7
vulnerability VCID-hpqa-ysnc-b7dw
8
vulnerability VCID-hs3w-mah1-ckb5
9
vulnerability VCID-p4p5-29r5-8qh9
10
vulnerability VCID-pqj1-u787-g3aj
11
vulnerability VCID-vhxq-1hqq-77bx
12
vulnerability VCID-ykkx-swgs-vybn
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17
1
url pkg:pypi/ansible@2.8.9
purl pkg:pypi/ansible@2.8.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5t77-f231-6ffg
1
vulnerability VCID-78m2-3fj5-tbh1
2
vulnerability VCID-833d-up6b-rfe1
3
vulnerability VCID-8u2v-jtqe-dqg3
4
vulnerability VCID-am9g-ba4h-sfhr
5
vulnerability VCID-cuq1-se5h-vygd
6
vulnerability VCID-dkds-s3ad-cufa
7
vulnerability VCID-ec6s-8f24-9bh7
8
vulnerability VCID-gm99-68bj-c3cz
9
vulnerability VCID-hjc4-jcfm-7be5
10
vulnerability VCID-hs3w-mah1-ckb5
11
vulnerability VCID-p4p5-29r5-8qh9
12
vulnerability VCID-pqj1-u787-g3aj
13
vulnerability VCID-vhxq-1hqq-77bx
14
vulnerability VCID-w2n8-uxbb-k7f9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9
2
url pkg:pypi/ansible@2.9.6
purl pkg:pypi/ansible@2.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5t77-f231-6ffg
1
vulnerability VCID-78m2-3fj5-tbh1
2
vulnerability VCID-8u2v-jtqe-dqg3
3
vulnerability VCID-am9g-ba4h-sfhr
4
vulnerability VCID-cuq1-se5h-vygd
5
vulnerability VCID-dkds-s3ad-cufa
6
vulnerability VCID-ec6s-8f24-9bh7
7
vulnerability VCID-gm99-68bj-c3cz
8
vulnerability VCID-hjc4-jcfm-7be5
9
vulnerability VCID-hs3w-mah1-ckb5
10
vulnerability VCID-p4p5-29r5-8qh9
11
vulnerability VCID-pqj1-u787-g3aj
12
vulnerability VCID-ptg6-bwz8-pud8
13
vulnerability VCID-vhxq-1hqq-77bx
14
vulnerability VCID-w2n8-uxbb-k7f9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6
aliases CVE-2020-1739, GHSA-923p-fr2c-g5m2, PYSEC-2020-11
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gxw4-ydnj-fkfe
10
url VCID-hjc4-jcfm-7be5
vulnerability_id VCID-hjc4-jcfm-7be5
summary information disclosure
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1956477
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1956477
1
reference_url https://security.archlinux.org/AVG-2056
reference_id AVG-2056
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2056
fixed_packages
0
url pkg:pypi/ansible@3.0.0
purl pkg:pypi/ansible@3.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@3.0.0
aliases CVE-2021-3533, PYSEC-2021-126
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hjc4-jcfm-7be5
11
url VCID-hq4d-92s2-vqg6
vulnerability_id VCID-hq4d-92s2-vqg6
summary A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with "umask 77 && mkdir -p <dir>"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating '/proc/<pid>/cmdline'.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1733
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1733
1
reference_url https://github.com/advisories/GHSA-g4mq-6fp5-qwcf
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-g4mq-6fp5-qwcf
2
reference_url https://github.com/ansible/ansible/issues/67791
reference_id
reference_type
scores
url https://github.com/ansible/ansible/issues/67791
3
reference_url https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/
7
reference_url https://security.gentoo.org/glsa/202006-11
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202006-11
fixed_packages
0
url pkg:pypi/ansible@2.7.17
purl pkg:pypi/ansible@2.7.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-833d-up6b-rfe1
1
vulnerability VCID-8u2v-jtqe-dqg3
2
vulnerability VCID-am9g-ba4h-sfhr
3
vulnerability VCID-cuq1-se5h-vygd
4
vulnerability VCID-dkds-s3ad-cufa
5
vulnerability VCID-gm99-68bj-c3cz
6
vulnerability VCID-hjc4-jcfm-7be5
7
vulnerability VCID-hpqa-ysnc-b7dw
8
vulnerability VCID-hs3w-mah1-ckb5
9
vulnerability VCID-p4p5-29r5-8qh9
10
vulnerability VCID-pqj1-u787-g3aj
11
vulnerability VCID-vhxq-1hqq-77bx
12
vulnerability VCID-ykkx-swgs-vybn
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17
1
url pkg:pypi/ansible@2.8.8
purl pkg:pypi/ansible@2.8.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2z4k-r21v-rfgx
1
vulnerability VCID-5t77-f231-6ffg
2
vulnerability VCID-78m2-3fj5-tbh1
3
vulnerability VCID-7qnx-1gp2-v7bb
4
vulnerability VCID-833d-up6b-rfe1
5
vulnerability VCID-8u2v-jtqe-dqg3
6
vulnerability VCID-am9g-ba4h-sfhr
7
vulnerability VCID-cuq1-se5h-vygd
8
vulnerability VCID-cxts-25nq-4fcs
9
vulnerability VCID-dkds-s3ad-cufa
10
vulnerability VCID-ec6s-8f24-9bh7
11
vulnerability VCID-etb4-2qch-6kgw
12
vulnerability VCID-gm99-68bj-c3cz
13
vulnerability VCID-gxw4-ydnj-fkfe
14
vulnerability VCID-hjc4-jcfm-7be5
15
vulnerability VCID-hs3w-mah1-ckb5
16
vulnerability VCID-mbj9-3bnb-wbda
17
vulnerability VCID-p4p5-29r5-8qh9
18
vulnerability VCID-pqj1-u787-g3aj
19
vulnerability VCID-subj-aje2-93bk
20
vulnerability VCID-vhxq-1hqq-77bx
21
vulnerability VCID-w2n8-uxbb-k7f9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.8
2
url pkg:pypi/ansible@2.9.6
purl pkg:pypi/ansible@2.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5t77-f231-6ffg
1
vulnerability VCID-78m2-3fj5-tbh1
2
vulnerability VCID-8u2v-jtqe-dqg3
3
vulnerability VCID-am9g-ba4h-sfhr
4
vulnerability VCID-cuq1-se5h-vygd
5
vulnerability VCID-dkds-s3ad-cufa
6
vulnerability VCID-ec6s-8f24-9bh7
7
vulnerability VCID-gm99-68bj-c3cz
8
vulnerability VCID-hjc4-jcfm-7be5
9
vulnerability VCID-hs3w-mah1-ckb5
10
vulnerability VCID-p4p5-29r5-8qh9
11
vulnerability VCID-pqj1-u787-g3aj
12
vulnerability VCID-ptg6-bwz8-pud8
13
vulnerability VCID-vhxq-1hqq-77bx
14
vulnerability VCID-w2n8-uxbb-k7f9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6
aliases CVE-2020-1733, GHSA-g4mq-6fp5-qwcf, PYSEC-2020-5
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hq4d-92s2-vqg6
12
url VCID-mbj9-3bnb-wbda
vulnerability_id VCID-mbj9-3bnb-wbda
summary A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal. This issue is fixed in 2.10.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1737
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1737
1
reference_url https://github.com/advisories/GHSA-893h-35v4-mxqx
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-893h-35v4-mxqx
2
reference_url https://github.com/ansible/ansible/issues/67795
reference_id
reference_type
scores
url https://github.com/ansible/ansible/issues/67795
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/
6
reference_url https://security.gentoo.org/glsa/202006-11
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202006-11
fixed_packages
0
url pkg:pypi/ansible@2.7.17
purl pkg:pypi/ansible@2.7.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-833d-up6b-rfe1
1
vulnerability VCID-8u2v-jtqe-dqg3
2
vulnerability VCID-am9g-ba4h-sfhr
3
vulnerability VCID-cuq1-se5h-vygd
4
vulnerability VCID-dkds-s3ad-cufa
5
vulnerability VCID-gm99-68bj-c3cz
6
vulnerability VCID-hjc4-jcfm-7be5
7
vulnerability VCID-hpqa-ysnc-b7dw
8
vulnerability VCID-hs3w-mah1-ckb5
9
vulnerability VCID-p4p5-29r5-8qh9
10
vulnerability VCID-pqj1-u787-g3aj
11
vulnerability VCID-vhxq-1hqq-77bx
12
vulnerability VCID-ykkx-swgs-vybn
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17
1
url pkg:pypi/ansible@2.8.9
purl pkg:pypi/ansible@2.8.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5t77-f231-6ffg
1
vulnerability VCID-78m2-3fj5-tbh1
2
vulnerability VCID-833d-up6b-rfe1
3
vulnerability VCID-8u2v-jtqe-dqg3
4
vulnerability VCID-am9g-ba4h-sfhr
5
vulnerability VCID-cuq1-se5h-vygd
6
vulnerability VCID-dkds-s3ad-cufa
7
vulnerability VCID-ec6s-8f24-9bh7
8
vulnerability VCID-gm99-68bj-c3cz
9
vulnerability VCID-hjc4-jcfm-7be5
10
vulnerability VCID-hs3w-mah1-ckb5
11
vulnerability VCID-p4p5-29r5-8qh9
12
vulnerability VCID-pqj1-u787-g3aj
13
vulnerability VCID-vhxq-1hqq-77bx
14
vulnerability VCID-w2n8-uxbb-k7f9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9
2
url pkg:pypi/ansible@2.9.6
purl pkg:pypi/ansible@2.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5t77-f231-6ffg
1
vulnerability VCID-78m2-3fj5-tbh1
2
vulnerability VCID-8u2v-jtqe-dqg3
3
vulnerability VCID-am9g-ba4h-sfhr
4
vulnerability VCID-cuq1-se5h-vygd
5
vulnerability VCID-dkds-s3ad-cufa
6
vulnerability VCID-ec6s-8f24-9bh7
7
vulnerability VCID-gm99-68bj-c3cz
8
vulnerability VCID-hjc4-jcfm-7be5
9
vulnerability VCID-hs3w-mah1-ckb5
10
vulnerability VCID-p4p5-29r5-8qh9
11
vulnerability VCID-pqj1-u787-g3aj
12
vulnerability VCID-ptg6-bwz8-pud8
13
vulnerability VCID-vhxq-1hqq-77bx
14
vulnerability VCID-w2n8-uxbb-k7f9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6
aliases CVE-2020-1737, GHSA-893h-35v4-mxqx, PYSEC-2020-9
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mbj9-3bnb-wbda
13
url VCID-p4p5-29r5-8qh9
vulnerability_id VCID-p4p5-29r5-8qh9
summary A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1916813
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1916813
1
reference_url https://github.com/advisories/GHSA-8f4m-hccc-8qph
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-8f4m-hccc-8qph
fixed_packages
0
url pkg:pypi/ansible@2.8.19
purl pkg:pypi/ansible@2.8.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-833d-up6b-rfe1
1
vulnerability VCID-8u2v-jtqe-dqg3
2
vulnerability VCID-am9g-ba4h-sfhr
3
vulnerability VCID-dkds-s3ad-cufa
4
vulnerability VCID-gm99-68bj-c3cz
5
vulnerability VCID-hjc4-jcfm-7be5
6
vulnerability VCID-pqj1-u787-g3aj
7
vulnerability VCID-vhxq-1hqq-77bx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.19
1
url pkg:pypi/ansible@2.9.18
purl pkg:pypi/ansible@2.9.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8u2v-jtqe-dqg3
1
vulnerability VCID-am9g-ba4h-sfhr
2
vulnerability VCID-dkds-s3ad-cufa
3
vulnerability VCID-gm99-68bj-c3cz
4
vulnerability VCID-hjc4-jcfm-7be5
5
vulnerability VCID-vhxq-1hqq-77bx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.18
2
url pkg:pypi/ansible@2.10.7
purl pkg:pypi/ansible@2.10.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hjc4-jcfm-7be5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.7
aliases CVE-2021-20191, GHSA-8f4m-hccc-8qph, PYSEC-2021-124
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p4p5-29r5-8qh9
14
url VCID-pqj1-u787-g3aj
vulnerability_id VCID-pqj1-u787-g3aj
summary A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1914774
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1914774
1
reference_url https://github.com/advisories/GHSA-wv5p-gmmv-wh9v
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-wv5p-gmmv-wh9v
2
reference_url https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes,
reference_id
reference_type
scores
url https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes,
3
reference_url https://github.com/ansible-collections/community.general/pull/1635,
reference_id
reference_type
scores
url https://github.com/ansible-collections/community.general/pull/1635,
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37/
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55/
fixed_packages
0
url pkg:pypi/ansible@2.9.18
purl pkg:pypi/ansible@2.9.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8u2v-jtqe-dqg3
1
vulnerability VCID-am9g-ba4h-sfhr
2
vulnerability VCID-dkds-s3ad-cufa
3
vulnerability VCID-gm99-68bj-c3cz
4
vulnerability VCID-hjc4-jcfm-7be5
5
vulnerability VCID-vhxq-1hqq-77bx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.18
aliases CVE-2021-20178, GHSA-wv5p-gmmv-wh9v, PYSEC-2021-106
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pqj1-u787-g3aj
15
url VCID-subj-aje2-93bk
vulnerability_id VCID-subj-aje2-93bk
summary A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1738
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1738
1
reference_url https://github.com/advisories/GHSA-f85h-23mf-2fwh
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-f85h-23mf-2fwh
2
reference_url https://github.com/ansible/ansible/issues/67796
reference_id
reference_type
scores
url https://github.com/ansible/ansible/issues/67796
3
reference_url https://security.gentoo.org/glsa/202006-11
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202006-11
fixed_packages
0
url pkg:pypi/ansible@2.7.17
purl pkg:pypi/ansible@2.7.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-833d-up6b-rfe1
1
vulnerability VCID-8u2v-jtqe-dqg3
2
vulnerability VCID-am9g-ba4h-sfhr
3
vulnerability VCID-cuq1-se5h-vygd
4
vulnerability VCID-dkds-s3ad-cufa
5
vulnerability VCID-gm99-68bj-c3cz
6
vulnerability VCID-hjc4-jcfm-7be5
7
vulnerability VCID-hpqa-ysnc-b7dw
8
vulnerability VCID-hs3w-mah1-ckb5
9
vulnerability VCID-p4p5-29r5-8qh9
10
vulnerability VCID-pqj1-u787-g3aj
11
vulnerability VCID-vhxq-1hqq-77bx
12
vulnerability VCID-ykkx-swgs-vybn
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17
1
url pkg:pypi/ansible@2.8.9
purl pkg:pypi/ansible@2.8.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5t77-f231-6ffg
1
vulnerability VCID-78m2-3fj5-tbh1
2
vulnerability VCID-833d-up6b-rfe1
3
vulnerability VCID-8u2v-jtqe-dqg3
4
vulnerability VCID-am9g-ba4h-sfhr
5
vulnerability VCID-cuq1-se5h-vygd
6
vulnerability VCID-dkds-s3ad-cufa
7
vulnerability VCID-ec6s-8f24-9bh7
8
vulnerability VCID-gm99-68bj-c3cz
9
vulnerability VCID-hjc4-jcfm-7be5
10
vulnerability VCID-hs3w-mah1-ckb5
11
vulnerability VCID-p4p5-29r5-8qh9
12
vulnerability VCID-pqj1-u787-g3aj
13
vulnerability VCID-vhxq-1hqq-77bx
14
vulnerability VCID-w2n8-uxbb-k7f9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9
2
url pkg:pypi/ansible@2.9.6
purl pkg:pypi/ansible@2.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5t77-f231-6ffg
1
vulnerability VCID-78m2-3fj5-tbh1
2
vulnerability VCID-8u2v-jtqe-dqg3
3
vulnerability VCID-am9g-ba4h-sfhr
4
vulnerability VCID-cuq1-se5h-vygd
5
vulnerability VCID-dkds-s3ad-cufa
6
vulnerability VCID-ec6s-8f24-9bh7
7
vulnerability VCID-gm99-68bj-c3cz
8
vulnerability VCID-hjc4-jcfm-7be5
9
vulnerability VCID-hs3w-mah1-ckb5
10
vulnerability VCID-p4p5-29r5-8qh9
11
vulnerability VCID-pqj1-u787-g3aj
12
vulnerability VCID-ptg6-bwz8-pud8
13
vulnerability VCID-vhxq-1hqq-77bx
14
vulnerability VCID-w2n8-uxbb-k7f9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6
aliases CVE-2020-1738, GHSA-f85h-23mf-2fwh, PYSEC-2020-10
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-subj-aje2-93bk
16
url VCID-vhxq-1hqq-77bx
vulnerability_id VCID-vhxq-1hqq-77bx
summary An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14330
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14330
1
reference_url https://github.com/advisories/GHSA-785x-qw4v-6872
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-785x-qw4v-6872
2
reference_url https://github.com/ansible/ansible/issues/68400
reference_id
reference_type
scores
url https://github.com/ansible/ansible/issues/68400
fixed_packages
0
url pkg:pypi/ansible@2.10.0
purl pkg:pypi/ansible@2.10.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2z4k-r21v-rfgx
1
vulnerability VCID-am9g-ba4h-sfhr
2
vulnerability VCID-hjc4-jcfm-7be5
3
vulnerability VCID-p4p5-29r5-8qh9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.0
aliases CVE-2020-14330, GHSA-785x-qw4v-6872, PYSEC-2020-3
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vhxq-1hqq-77bx
17
url VCID-vsv2-4d8c-m3g1
vulnerability_id VCID-vsv2-4d8c-m3g1
summary A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1776944
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1776944
1
reference_url https://github.com/advisories/GHSA-gwr8-5j83-483c
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-gwr8-5j83-483c
2
reference_url https://github.com/ansible/ansible/pull/65686
reference_id
reference_type
scores
url https://github.com/ansible/ansible/pull/65686
3
reference_url https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html
fixed_packages
0
url pkg:pypi/ansible@2.7.15
purl pkg:pypi/ansible@2.7.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2z4k-r21v-rfgx
1
vulnerability VCID-78m2-3fj5-tbh1
2
vulnerability VCID-7qnx-1gp2-v7bb
3
vulnerability VCID-833d-up6b-rfe1
4
vulnerability VCID-8u2v-jtqe-dqg3
5
vulnerability VCID-am9g-ba4h-sfhr
6
vulnerability VCID-cuq1-se5h-vygd
7
vulnerability VCID-cxts-25nq-4fcs
8
vulnerability VCID-dkds-s3ad-cufa
9
vulnerability VCID-etb4-2qch-6kgw
10
vulnerability VCID-gm99-68bj-c3cz
11
vulnerability VCID-gxw4-ydnj-fkfe
12
vulnerability VCID-hjc4-jcfm-7be5
13
vulnerability VCID-hpqa-ysnc-b7dw
14
vulnerability VCID-hq4d-92s2-vqg6
15
vulnerability VCID-hs3w-mah1-ckb5
16
vulnerability VCID-mbj9-3bnb-wbda
17
vulnerability VCID-p4p5-29r5-8qh9
18
vulnerability VCID-pqj1-u787-g3aj
19
vulnerability VCID-qztj-r7zc-jue3
20
vulnerability VCID-subj-aje2-93bk
21
vulnerability VCID-vhxq-1hqq-77bx
22
vulnerability VCID-w2n8-uxbb-k7f9
23
vulnerability VCID-x4mr-vrp9-ufg6
24
vulnerability VCID-ykkx-swgs-vybn
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.15
1
url pkg:pypi/ansible@2.8.7
purl pkg:pypi/ansible@2.8.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2z4k-r21v-rfgx
1
vulnerability VCID-5t77-f231-6ffg
2
vulnerability VCID-78m2-3fj5-tbh1
3
vulnerability VCID-7qnx-1gp2-v7bb
4
vulnerability VCID-833d-up6b-rfe1
5
vulnerability VCID-8u2v-jtqe-dqg3
6
vulnerability VCID-am9g-ba4h-sfhr
7
vulnerability VCID-cuq1-se5h-vygd
8
vulnerability VCID-cxts-25nq-4fcs
9
vulnerability VCID-dkds-s3ad-cufa
10
vulnerability VCID-ec6s-8f24-9bh7
11
vulnerability VCID-etb4-2qch-6kgw
12
vulnerability VCID-gm99-68bj-c3cz
13
vulnerability VCID-gxw4-ydnj-fkfe
14
vulnerability VCID-hjc4-jcfm-7be5
15
vulnerability VCID-hq4d-92s2-vqg6
16
vulnerability VCID-hs3w-mah1-ckb5
17
vulnerability VCID-mbj9-3bnb-wbda
18
vulnerability VCID-p4p5-29r5-8qh9
19
vulnerability VCID-pqj1-u787-g3aj
20
vulnerability VCID-qztj-r7zc-jue3
21
vulnerability VCID-subj-aje2-93bk
22
vulnerability VCID-vhxq-1hqq-77bx
23
vulnerability VCID-w2n8-uxbb-k7f9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.7
2
url pkg:pypi/ansible@2.9.2
purl pkg:pypi/ansible@2.9.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2z4k-r21v-rfgx
1
vulnerability VCID-5t77-f231-6ffg
2
vulnerability VCID-78m2-3fj5-tbh1
3
vulnerability VCID-7qnx-1gp2-v7bb
4
vulnerability VCID-833d-up6b-rfe1
5
vulnerability VCID-8u2v-jtqe-dqg3
6
vulnerability VCID-am9g-ba4h-sfhr
7
vulnerability VCID-cuq1-se5h-vygd
8
vulnerability VCID-cxts-25nq-4fcs
9
vulnerability VCID-dkds-s3ad-cufa
10
vulnerability VCID-ec6s-8f24-9bh7
11
vulnerability VCID-etb4-2qch-6kgw
12
vulnerability VCID-gm99-68bj-c3cz
13
vulnerability VCID-gxw4-ydnj-fkfe
14
vulnerability VCID-hjc4-jcfm-7be5
15
vulnerability VCID-hq4d-92s2-vqg6
16
vulnerability VCID-hs3w-mah1-ckb5
17
vulnerability VCID-mbj9-3bnb-wbda
18
vulnerability VCID-p4p5-29r5-8qh9
19
vulnerability VCID-pqj1-u787-g3aj
20
vulnerability VCID-ptg6-bwz8-pud8
21
vulnerability VCID-qztj-r7zc-jue3
22
vulnerability VCID-subj-aje2-93bk
23
vulnerability VCID-vhxq-1hqq-77bx
24
vulnerability VCID-w2n8-uxbb-k7f9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.2
aliases CVE-2019-14904, GHSA-gwr8-5j83-483c, PYSEC-2020-161
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vsv2-4d8c-m3g1
18
url VCID-x4mr-vrp9-ufg6
vulnerability_id VCID-x4mr-vrp9-ufg6
summary A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.
references
0
reference_url https://access.redhat.com/errata/RHBA-2020:0547
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHBA-2020:0547
1
reference_url https://access.redhat.com/errata/RHBA-2020:1539
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHBA-2020:1539
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1801804
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1801804
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1734
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1734
4
reference_url https://github.com/advisories/GHSA-h39q-95q5-9jfp
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-h39q-95q5-9jfp
5
reference_url https://github.com/ansible/ansible
reference_id
reference_type
scores
url https://github.com/ansible/ansible
6
reference_url https://github.com/ansible/ansible/commit/4f978af4ca16ad9828ffe42203b9615425195f8b
reference_id
reference_type
scores
url https://github.com/ansible/ansible/commit/4f978af4ca16ad9828ffe42203b9615425195f8b
7
reference_url https://github.com/ansible/ansible/commit/963bdd9983b91a48fb6949fb2ef41071e72d0be0
reference_id
reference_type
scores
url https://github.com/ansible/ansible/commit/963bdd9983b91a48fb6949fb2ef41071e72d0be0
8
reference_url https://github.com/ansible/ansible/commit/bff0724e9eab2770f874e018298f9ab74cc2a78f
reference_id
reference_type
scores
url https://github.com/ansible/ansible/commit/bff0724e9eab2770f874e018298f9ab74cc2a78f
9
reference_url https://github.com/ansible/ansible/commit/e5649ca3e807f17e7c034ee22791f107162973b0
reference_id
reference_type
scores
url https://github.com/ansible/ansible/commit/e5649ca3e807f17e7c034ee22791f107162973b0
10
reference_url https://github.com/ansible/ansible/issues/67792
reference_id
reference_type
scores
url https://github.com/ansible/ansible/issues/67792
11
reference_url https://github.com/ansible/ansible/issues/70159
reference_id
reference_type
scores
url https://github.com/ansible/ansible/issues/70159
12
reference_url https://github.com/ansible/ansible/pull/70596
reference_id
reference_type
scores
url https://github.com/ansible/ansible/pull/70596
13
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-6.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-6.yaml
14
reference_url https://access.redhat.com/security/cve/CVE-2020-1734
reference_id CVE-2020-1734
reference_type
scores
url https://access.redhat.com/security/cve/CVE-2020-1734
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1734
reference_id CVE-2020-1734
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-1734
fixed_packages
0
url pkg:pypi/ansible@2.7.17
purl pkg:pypi/ansible@2.7.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-833d-up6b-rfe1
1
vulnerability VCID-8u2v-jtqe-dqg3
2
vulnerability VCID-am9g-ba4h-sfhr
3
vulnerability VCID-cuq1-se5h-vygd
4
vulnerability VCID-dkds-s3ad-cufa
5
vulnerability VCID-gm99-68bj-c3cz
6
vulnerability VCID-hjc4-jcfm-7be5
7
vulnerability VCID-hpqa-ysnc-b7dw
8
vulnerability VCID-hs3w-mah1-ckb5
9
vulnerability VCID-p4p5-29r5-8qh9
10
vulnerability VCID-pqj1-u787-g3aj
11
vulnerability VCID-vhxq-1hqq-77bx
12
vulnerability VCID-ykkx-swgs-vybn
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17
1
url pkg:pypi/ansible@2.8.13
purl pkg:pypi/ansible@2.8.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5t77-f231-6ffg
1
vulnerability VCID-833d-up6b-rfe1
2
vulnerability VCID-8u2v-jtqe-dqg3
3
vulnerability VCID-am9g-ba4h-sfhr
4
vulnerability VCID-dkds-s3ad-cufa
5
vulnerability VCID-ec6s-8f24-9bh7
6
vulnerability VCID-gm99-68bj-c3cz
7
vulnerability VCID-hjc4-jcfm-7be5
8
vulnerability VCID-p4p5-29r5-8qh9
9
vulnerability VCID-pqj1-u787-g3aj
10
vulnerability VCID-vhxq-1hqq-77bx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.13
2
url pkg:pypi/ansible@2.9.11
purl pkg:pypi/ansible@2.9.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5t77-f231-6ffg
1
vulnerability VCID-8u2v-jtqe-dqg3
2
vulnerability VCID-am9g-ba4h-sfhr
3
vulnerability VCID-dkds-s3ad-cufa
4
vulnerability VCID-ec6s-8f24-9bh7
5
vulnerability VCID-gm99-68bj-c3cz
6
vulnerability VCID-hjc4-jcfm-7be5
7
vulnerability VCID-p4p5-29r5-8qh9
8
vulnerability VCID-pqj1-u787-g3aj
9
vulnerability VCID-vhxq-1hqq-77bx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.11
3
url pkg:pypi/ansible@2.10.0rc1
purl pkg:pypi/ansible@2.10.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-am9g-ba4h-sfhr
1
vulnerability VCID-hjc4-jcfm-7be5
2
vulnerability VCID-vhxq-1hqq-77bx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.0rc1
aliases CVE-2020-1734, GHSA-h39q-95q5-9jfp, PYSEC-2020-6
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x4mr-vrp9-ufg6
19
url VCID-ykkx-swgs-vybn
vulnerability_id VCID-ykkx-swgs-vybn
summary A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name to the module will cause the task to fail before the no_log options in the sub parameters are processed. As a result, data in the sub parameter fields will not be masked and will be displayed if Ansible is run with increased verbosity and present in the module invocation arguments for the task.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html
2
reference_url https://access.redhat.com/errata/RHSA-2019:3201
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3201
3
reference_url https://access.redhat.com/errata/RHSA-2019:3202
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3202
4
reference_url https://access.redhat.com/errata/RHSA-2019:3203
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3203
5
reference_url https://access.redhat.com/errata/RHSA-2019:3207
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3207
6
reference_url https://access.redhat.com/errata/RHSA-2020:0756
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0756
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14858
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14858
fixed_packages
0
url pkg:pypi/ansible@2.8.1
purl pkg:pypi/ansible@2.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1sty-hqbq-63hy
1
vulnerability VCID-2z4k-r21v-rfgx
2
vulnerability VCID-5t77-f231-6ffg
3
vulnerability VCID-78m2-3fj5-tbh1
4
vulnerability VCID-7ben-361w-tkdr
5
vulnerability VCID-7qnx-1gp2-v7bb
6
vulnerability VCID-833d-up6b-rfe1
7
vulnerability VCID-8u2v-jtqe-dqg3
8
vulnerability VCID-am9g-ba4h-sfhr
9
vulnerability VCID-cuq1-se5h-vygd
10
vulnerability VCID-cxts-25nq-4fcs
11
vulnerability VCID-dkds-s3ad-cufa
12
vulnerability VCID-ec6s-8f24-9bh7
13
vulnerability VCID-etb4-2qch-6kgw
14
vulnerability VCID-frk2-9jfm-cybm
15
vulnerability VCID-gm99-68bj-c3cz
16
vulnerability VCID-gxw4-ydnj-fkfe
17
vulnerability VCID-hjc4-jcfm-7be5
18
vulnerability VCID-hq4d-92s2-vqg6
19
vulnerability VCID-hs3w-mah1-ckb5
20
vulnerability VCID-k8a2-5yfh-j7gp
21
vulnerability VCID-mbj9-3bnb-wbda
22
vulnerability VCID-p4p5-29r5-8qh9
23
vulnerability VCID-pqj1-u787-g3aj
24
vulnerability VCID-qztj-r7zc-jue3
25
vulnerability VCID-subj-aje2-93bk
26
vulnerability VCID-vhxq-1hqq-77bx
27
vulnerability VCID-vsv2-4d8c-m3g1
28
vulnerability VCID-vxkb-9p6a-5yan
29
vulnerability VCID-w1ap-atw2-qbc8
30
vulnerability VCID-w2n8-uxbb-k7f9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.1
aliases CVE-2019-14858, PYSEC-2019-171
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ykkx-swgs-vybn
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.0rc3