Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/18234?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/18234?format=api", "purl": "pkg:pypi/ansible@2.8.14", "type": "pypi", "namespace": "", "name": "ansible", "version": "2.8.14", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.0.0", "latest_non_vulnerable_version": "12.0.0", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35623?format=api", "vulnerability_id": "VCID-5t77-f231-6ffg", "summary": "A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code executed via package installation scripts. The highest threat from this vulnerability is to integrity and system availability.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869154", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869154" }, { "reference_url": "https://github.com/advisories/GHSA-m429-fhmv-c6q2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-m429-fhmv-c6q2" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/commit/1d043e082b3b1f3ad35c803137f5d3bcbae92275", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/1d043e082b3b1f3ad35c803137f5d3bcbae92275" }, { "reference_url": "https://github.com/ansible/ansible/commit/1fa2d5fd6b768120b76a77929e27302b06accc0c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/1fa2d5fd6b768120b76a77929e27302b06accc0c" }, { "reference_url": "https://github.com/ansible/ansible/commit/9bea33ffa3be3d64827f59882d95b817cfab9b7e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/9bea33ffa3be3d64827f59882d95b817cfab9b7e" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-209.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-209.yaml" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4950", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2021/dsa-4950" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14365", "reference_id": "CVE-2020-14365", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14365" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18236?format=api", "purl": "pkg:pypi/ansible@2.8.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5t77-f231-6ffg" }, { "vulnerability": "VCID-833d-up6b-rfe1" }, { "vulnerability": "VCID-8u2v-jtqe-dqg3" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" }, { "vulnerability": "VCID-pqj1-u787-g3aj" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/18237?format=api", "purl": "pkg:pypi/ansible@2.8.16rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-833d-up6b-rfe1" }, { "vulnerability": "VCID-8u2v-jtqe-dqg3" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" }, { "vulnerability": "VCID-pqj1-u787-g3aj" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.16rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/18253?format=api", "purl": "pkg:pypi/ansible@2.9.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5t77-f231-6ffg" }, { "vulnerability": "VCID-8u2v-jtqe-dqg3" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" }, { "vulnerability": "VCID-pqj1-u787-g3aj" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/18254?format=api", "purl": "pkg:pypi/ansible@2.9.14rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8u2v-jtqe-dqg3" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" }, { "vulnerability": "VCID-pqj1-u787-g3aj" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.14rc1" } ], "aliases": [ "CVE-2020-14365", "GHSA-m429-fhmv-c6q2", "PYSEC-2020-209" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5t77-f231-6ffg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35811?format=api", "vulnerability_id": "VCID-833d-up6b-rfe1", "summary": "A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords are exposed at once for the file. This flaw affects Ansible Engine versions before 2.9.6.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1831089", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1831089" }, { "reference_url": "https://github.com/advisories/GHSA-r6h7-5pq2-j77h", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-r6h7-5pq2-j77h" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/blob/v2.9.6/changelogs/CHANGELOG-v2.9.rst", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/blob/v2.9.6/changelogs/CHANGELOG-v2.9.rst" }, { "reference_url": "https://github.com/ansible/ansible/commit/c520d70bf4748c8ee6718a7d0d0254051ba1c2e9", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/c520d70bf4748c8ee6718a7d0d0254051ba1c2e9" }, { "reference_url": "https://github.com/ansible/ansible/issues/34144", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/issues/34144" }, { "reference_url": "https://github.com/ansible/ansible/pull/67429", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/pull/67429" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-105.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-105.yaml" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4950", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2021/dsa-4950" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10729", "reference_id": "CVE-2020-10729", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10729" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/15004?format=api", "purl": "pkg:pypi/ansible@2.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5t77-f231-6ffg" }, { "vulnerability": "VCID-78m2-3fj5-tbh1" }, { "vulnerability": "VCID-8u2v-jtqe-dqg3" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-cuq1-se5h-vygd" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-ec6s-8f24-9bh7" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-hs3w-mah1-ckb5" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" }, { "vulnerability": "VCID-pqj1-u787-g3aj" }, { "vulnerability": "VCID-ptg6-bwz8-pud8" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" }, { "vulnerability": "VCID-w2n8-uxbb-k7f9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6" } ], "aliases": [ "CVE-2020-10729", "GHSA-r6h7-5pq2-j77h", "PYSEC-2021-105" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-833d-up6b-rfe1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35785?format=api", "vulnerability_id": "VCID-8u2v-jtqe-dqg3", "summary": "A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925002", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925002" }, { "reference_url": "https://github.com/advisories/GHSA-5rrg-rr89-x9mv", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-5rrg-rr89-x9mv" }, { "reference_url": "https://github.com/ansible/ansible/pull/73487", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/pull/73487" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20228", "reference_id": "CVE-2021-20228", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20228" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/14786?format=api", "purl": "pkg:pypi/ansible@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2z4k-r21v-rfgx" }, { "vulnerability": "VCID-5t77-f231-6ffg" }, { "vulnerability": "VCID-78m2-3fj5-tbh1" }, { "vulnerability": "VCID-7ben-361w-tkdr" }, { "vulnerability": "VCID-7qnx-1gp2-v7bb" }, { "vulnerability": "VCID-833d-up6b-rfe1" }, { "vulnerability": "VCID-8u2v-jtqe-dqg3" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-cuq1-se5h-vygd" }, { "vulnerability": "VCID-cxts-25nq-4fcs" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-ec6s-8f24-9bh7" }, { "vulnerability": "VCID-etb4-2qch-6kgw" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-gxw4-ydnj-fkfe" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-hq4d-92s2-vqg6" }, { "vulnerability": "VCID-hs3w-mah1-ckb5" }, { "vulnerability": "VCID-mbj9-3bnb-wbda" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" }, { "vulnerability": "VCID-pqj1-u787-g3aj" }, { "vulnerability": "VCID-ptg6-bwz8-pud8" }, { "vulnerability": "VCID-qztj-r7zc-jue3" }, { "vulnerability": "VCID-subj-aje2-93bk" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" }, { "vulnerability": "VCID-vsv2-4d8c-m3g1" }, { "vulnerability": "VCID-w2n8-uxbb-k7f9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/18265?format=api", "purl": "pkg:pypi/ansible@2.9.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.19" } ], "aliases": [ "CVE-2021-20228", "GHSA-5rrg-rr89-x9mv", "PYSEC-2021-1" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8u2v-jtqe-dqg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35653?format=api", "vulnerability_id": "VCID-am9g-ba4h-sfhr", "summary": "A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. This issue affects directly data confidentiality.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25635", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25635" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible-collections/community.aws/issues/222", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible-collections/community.aws/issues/222" }, { "reference_url": "https://github.com/ansible-collections/community.aws/pull/237#issuecomment-1468591094", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible-collections/community.aws/pull/237#issuecomment-1468591094" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-220.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-220.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25635", "reference_id": "CVE-2020-25635", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25635" }, { "reference_url": "https://github.com/advisories/GHSA-f556-49jc-4rvc", "reference_id": "GHSA-f556-49jc-4rvc", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-f556-49jc-4rvc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18528?format=api", "purl": "pkg:pypi/ansible@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" }, { "vulnerability": "VCID-t2da-uh4n-yya2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.1" } ], "aliases": [ "CVE-2020-25635", "GHSA-f556-49jc-4rvc", "PYSEC-2020-220" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-am9g-ba4h-sfhr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3444?format=api", "vulnerability_id": "VCID-dkds-s3ad-cufa", "summary": "information disclosure", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975767", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975767" }, { "reference_url": "https://github.com/advisories/GHSA-4r65-35qq-ch8j", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-4r65-35qq-ch8j" }, { "reference_url": "https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes" }, { "reference_url": "https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0" }, { "reference_url": "https://security.archlinux.org/AVG-1941", "reference_id": "AVG-1941", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1941" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3620", "reference_id": "CVE-2021-3620", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3620" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18281?format=api", "purl": "pkg:pypi/ansible@2.9.27", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.27" } ], "aliases": [ "CVE-2021-3620", "GHSA-4r65-35qq-ch8j", "PYSEC-2022-164" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dkds-s3ad-cufa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7216?format=api", "vulnerability_id": "VCID-gm99-68bj-c3cz", "summary": "arbitrary command execution", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968412", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968412" }, { "reference_url": "https://github.com/advisories/GHSA-2pfh-q76x-gwvm", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-2pfh-q76x-gwvm" }, { "reference_url": "https://security.archlinux.org/AVG-2260", "reference_id": "AVG-2260", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2260" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3583", "reference_id": "CVE-2021-3583", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3583" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18273?format=api", "purl": "pkg:pypi/ansible@2.9.23", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.23" } ], "aliases": [ "CVE-2021-3583", "GHSA-2pfh-q76x-gwvm", "PYSEC-2021-358" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gm99-68bj-c3cz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7307?format=api", "vulnerability_id": "VCID-hjc4-jcfm-7be5", "summary": "information disclosure", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956477", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956477" }, { "reference_url": "https://security.archlinux.org/AVG-2056", "reference_id": "AVG-2056", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2056" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3533", "reference_id": "CVE-2021-3533", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3533" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22508?format=api", "purl": "pkg:pypi/ansible@3.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@3.0.0" } ], "aliases": [ "CVE-2021-3533", "PYSEC-2021-126" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hjc4-jcfm-7be5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35809?format=api", "vulnerability_id": "VCID-p4p5-29r5-8qh9", "summary": "A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813" }, { "reference_url": "https://github.com/advisories/GHSA-8f4m-hccc-8qph", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8f4m-hccc-8qph" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/commit/cc82d986c40328d4ae81298a9d287c95a6326bb0", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/cc82d986c40328d4ae81298a9d287c95a6326bb0" }, { "reference_url": "https://github.com/ansible/ansible/commit/d74a1b1d1325af2a24848044cf2858987f5a3ecc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/d74a1b1d1325af2a24848044cf2858987f5a3ecc" }, { "reference_url": "https://github.com/ansible/ansible/pull/73488", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/pull/73488" }, { "reference_url": "https://github.com/ansible/ansible/pull/73489", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/pull/73489" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-124.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-124.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html" }, { "reference_url": "https://access.redhat.com/security/cve/cve-2021-20191", "reference_id": "CVE-2021-20191", "reference_type": "", "scores": [], "url": "https://access.redhat.com/security/cve/cve-2021-20191" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20191", "reference_id": "CVE-2021-20191", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20191" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18243?format=api", "purl": "pkg:pypi/ansible@2.8.19rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-833d-up6b-rfe1" }, { "vulnerability": "VCID-8u2v-jtqe-dqg3" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" }, { "vulnerability": "VCID-pqj1-u787-g3aj" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.19rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/18244?format=api", "purl": "pkg:pypi/ansible@2.8.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-833d-up6b-rfe1" }, { "vulnerability": "VCID-8u2v-jtqe-dqg3" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-pqj1-u787-g3aj" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/18262?format=api", "purl": "pkg:pypi/ansible@2.9.18rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8u2v-jtqe-dqg3" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" }, { "vulnerability": "VCID-pqj1-u787-g3aj" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.18rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/18263?format=api", "purl": "pkg:pypi/ansible@2.9.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8u2v-jtqe-dqg3" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/22088?format=api", "purl": "pkg:pypi/ansible@2.10.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hjc4-jcfm-7be5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.7" } ], "aliases": [ "CVE-2021-20191", "GHSA-8f4m-hccc-8qph", "PYSEC-2021-124" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p4p5-29r5-8qh9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35808?format=api", "vulnerability_id": "VCID-pqj1-u787-g3aj", "summary": "A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1914774", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1914774" }, { "reference_url": "https://github.com/advisories/GHSA-wv5p-gmmv-wh9v", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-wv5p-gmmv-wh9v" }, { "reference_url": "https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes" }, { "reference_url": "https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes,", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes," }, { "reference_url": "https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes%2C", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes%2C" }, { "reference_url": "https://github.com/ansible-collections/community.general/commit/1d0c5e2ba47724c31a18d7b08b9daf13df8829dc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible-collections/community.general/commit/1d0c5e2ba47724c31a18d7b08b9daf13df8829dc" }, { "reference_url": "https://github.com/ansible-collections/community.general/pull/1635", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible-collections/community.general/pull/1635" }, { "reference_url": "https://github.com/ansible-collections/community.general/pull/1635,", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible-collections/community.general/pull/1635," }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-106.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-106.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20178", "reference_id": "CVE-2021-20178", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20178" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18263?format=api", "purl": "pkg:pypi/ansible@2.9.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8u2v-jtqe-dqg3" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.18" } ], "aliases": [ "CVE-2021-20178", "GHSA-wv5p-gmmv-wh9v", "PYSEC-2021-106" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pqj1-u787-g3aj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35617?format=api", "vulnerability_id": "VCID-vhxq-1hqq-77bx", "summary": "An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14330" }, { "reference_url": "https://github.com/advisories/GHSA-785x-qw4v-6872", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-785x-qw4v-6872" }, { "reference_url": "https://github.com/ansible/ansible/issues/68400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/issues/68400" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14330", "reference_id": "CVE-2020-14330", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14330" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18235?format=api", "purl": "pkg:pypi/ansible@2.9.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5t77-f231-6ffg" }, { "vulnerability": "VCID-8u2v-jtqe-dqg3" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" }, { "vulnerability": "VCID-pqj1-u787-g3aj" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/18294?format=api", "purl": "pkg:pypi/ansible@2.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2z4k-r21v-rfgx" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.0" } ], "aliases": [ "CVE-2020-14330", "GHSA-785x-qw4v-6872", "PYSEC-2020-3" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vhxq-1hqq-77bx" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35616?format=api", "vulnerability_id": "VCID-ec6s-8f24-9bh7", "summary": "A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14332", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14332" }, { "reference_url": "https://github.com/advisories/GHSA-j667-c2hm-f2wp", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-j667-c2hm-f2wp" }, { "reference_url": "https://github.com/ansible/ansible/pull/71033", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/pull/71033" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14332", "reference_id": "CVE-2020-14332", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14332" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18234?format=api", "purl": "pkg:pypi/ansible@2.8.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5t77-f231-6ffg" }, { "vulnerability": "VCID-833d-up6b-rfe1" }, { "vulnerability": "VCID-8u2v-jtqe-dqg3" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" }, { "vulnerability": "VCID-pqj1-u787-g3aj" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/18235?format=api", "purl": "pkg:pypi/ansible@2.9.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5t77-f231-6ffg" }, { "vulnerability": "VCID-8u2v-jtqe-dqg3" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" }, { "vulnerability": "VCID-pqj1-u787-g3aj" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.12" } ], "aliases": [ "CVE-2020-14332", "GHSA-j667-c2hm-f2wp", "PYSEC-2020-4" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ec6s-8f24-9bh7" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.14" }