Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/4286?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/4286?format=api", "purl": "pkg:pypi/ansible@2.0.0", "type": "pypi", "namespace": "", "name": "ansible", "version": "2.0.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "12.0.0", "latest_non_vulnerable_version": "12.2.0", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5705?format=api", "vulnerability_id": "VCID-3jh2-znva-2bb6", "summary": "transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0591", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0591" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0646", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0646" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1124", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:1124" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1125", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:1125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1213", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:1213" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1274", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:1274" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1328", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:1328" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1525", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:1525" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1972", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:1972" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7750.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7750.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7750", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.13825", "scoring_system": "epss", "scoring_elements": "0.94289", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.21328", "scoring_system": "epss", "scoring_elements": "0.95669", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.21328", "scoring_system": "epss", "scoring_elements": "0.95672", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.21328", "scoring_system": "epss", "scoring_elements": "0.9568", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.21328", "scoring_system": "epss", "scoring_elements": "0.95688", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.21328", "scoring_system": "epss", "scoring_elements": "0.95684", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.21328", "scoring_system": "epss", "scoring_elements": "0.95655", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.21328", "scoring_system": "epss", "scoring_elements": "0.95664", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7750" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7750", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7750" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-232r-66cg-79px", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-232r-66cg-79px" }, { "reference_url": "https://github.com/paramiko/paramiko", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/paramiko/paramiko" }, { "reference_url": "https://github.com/paramiko/paramiko/blob/e861c7697622774071ce73b46ffe8817eacdedfa/sites/www/changelog.rst?plain=1#L759-L763", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/paramiko/paramiko/blob/e861c7697622774071ce73b46ffe8817eacdedfa/sites/www/changelog.rst?plain=1#L759-L763" }, { "reference_url": "https://github.com/paramiko/paramiko/blob/master/sites/www/changelog.rst", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/paramiko/paramiko/blob/master/sites/www/changelog.rst" }, { "reference_url": "https://github.com/paramiko/paramiko/commit/e9dfd854bdaf8af15d7834f7502a0451d217bb8c", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/paramiko/paramiko/commit/e9dfd854bdaf8af15d7834f7502a0451d217bb8c" }, { "reference_url": "https://github.com/paramiko/paramiko/commit/fa29bd8446c8eab237f5187d28787727b4610516", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/paramiko/paramiko/commit/fa29bd8446c8eab237f5187d28787727b4610516" }, { "reference_url": "https://github.com/paramiko/paramiko/issues/1175", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/paramiko/paramiko/issues/1175" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/paramiko/PYSEC-2018-19.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/paramiko/PYSEC-2018-19.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html" }, { "reference_url": "https://usn.ubuntu.com/3603-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/3603-1" }, { "reference_url": "https://usn.ubuntu.com/3603-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3603-1/" }, { "reference_url": "https://usn.ubuntu.com/3603-2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/3603-2" }, { "reference_url": "https://usn.ubuntu.com/3603-2/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3603-2/" }, { "reference_url": "https://web.archive.org/web/20190831123128/http://www.securityfocus.com/bid/103713", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20190831123128/http://www.securityfocus.com/bid/103713" }, { "reference_url": "https://www.exploit-db.com/exploits/45712", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/45712" }, { "reference_url": "https://www.exploit-db.com/exploits/45712/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/45712/" }, { "reference_url": "http://www.securityfocus.com/bid/103713", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/103713" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557130", "reference_id": "1557130", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557130" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892859", "reference_id": "892859", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892859" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45712.py", "reference_id": "CVE-2018-7750", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45712.py" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7750", "reference_id": "CVE-2018-7750", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7750" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4288?format=api", "purl": "pkg:pypi/ansible@2.0.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fetz-42jf-nqe8" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hfxe-jjf5-nqd1" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jhxm-379u-subt" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-puq1-z5h7-pkdg" }, { "vulnerability": "VCID-q4q1-aueh-sub2" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-rknj-nkgs-wyg2" }, { "vulnerability": "VCID-s1r4-29kw-5kbg" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-wqm7-2ajr-6ue8" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yc8n-wxb4-1uaz" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zmr4-652z-r3dm" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.0.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/5615?format=api", "purl": "pkg:pypi/ansible@2.4.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-5hwt-gkgx-jqb4" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-puq1-z5h7-pkdg" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-rknj-nkgs-wyg2" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-wqm7-2ajr-6ue8" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-y91x-2rch-pkar" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.4.1.0" } ], "aliases": [ "CVE-2018-7750", "GHSA-232r-66cg-79px", "PYSEC-2018-19" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3jh2-znva-2bb6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6475?format=api", "vulnerability_id": "VCID-4yvf-k192-9fca", "summary": "A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory. When this occurs, there is a race condition on the managed machine. A malicious, non-privileged account on the remote machine can exploit the race condition to access the async result data. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956477", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956477" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.archlinux.org/AVG-2056", "reference_id": "AVG-2056", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2056" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3533", "reference_id": "CVE-2021-3533", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3533" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4288?format=api", "purl": "pkg:pypi/ansible@2.0.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fetz-42jf-nqe8" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hfxe-jjf5-nqd1" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jhxm-379u-subt" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-puq1-z5h7-pkdg" }, { "vulnerability": "VCID-q4q1-aueh-sub2" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-rknj-nkgs-wyg2" }, { "vulnerability": "VCID-s1r4-29kw-5kbg" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-wqm7-2ajr-6ue8" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yc8n-wxb4-1uaz" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zmr4-652z-r3dm" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.0.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/17555?format=api", "purl": "pkg:pypi/ansible@3.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@3.0.0" } ], "aliases": [ "CVE-2021-3533", "PYSEC-2021-126" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4yvf-k192-9fca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/20186?format=api", "vulnerability_id": "VCID-682j-e2pu-1uee", "summary": "Improper Neutralization of Special Elements Used in a Template Engine\nA template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce code injection when supplying templating data.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7773", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-19T03:55:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7773" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5764.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5764.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5764", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.2163", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21687", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21801", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21552", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21699", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21746", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.2166", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21603", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5764" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247629", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-19T03:55:28Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247629" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5764" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/commit/270b39f6ff02511a2199505161218cbd1a5ae34f", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/270b39f6ff02511a2199505161218cbd1a5ae34f" }, { "reference_url": "https://github.com/ansible/ansible/commit/7239d2d371bc6e274cbb7314e01431adce6ae25a", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/7239d2d371bc6e274cbb7314e01431adce6ae25a" }, { "reference_url": "https://github.com/ansible/ansible/commit/fea130480d261ea5bf6fcd5cf19a348f1686ceb1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/fea130480d261ea5bf6fcd5cf19a348f1686ceb1" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X7Q6CHPVCHMZS5M7V22GOKFSXZAQ24EU", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X7Q6CHPVCHMZS5M7V22GOKFSXZAQ24EU" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X7Q6CHPVCHMZS5M7V22GOKFSXZAQ24EU/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X7Q6CHPVCHMZS5M7V22GOKFSXZAQ24EU/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057427", "reference_id": "1057427", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057427" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform:2.4::el8", "reference_id": "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform:2.4::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform:2.4::el9", "reference_id": "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform:2.4::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8", "reference_id": "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9", "reference_id": "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8", "reference_id": "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9", "reference_id": "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-5764", "reference_id": "CVE-2023-5764", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-19T03:55:28Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-5764" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5764", "reference_id": "CVE-2023-5764", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5764" }, { "reference_url": "https://github.com/advisories/GHSA-7j69-qfc3-2fq9", "reference_id": "GHSA-7j69-qfc3-2fq9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7j69-qfc3-2fq9" }, { "reference_url": "https://usn.ubuntu.com/6846-1/", "reference_id": "USN-6846-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6846-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/17553?format=api", "purl": "pkg:pypi/ansible@3.0.0b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@3.0.0b1" }, { "url": "http://public2.vulnerablecode.io/api/packages/17555?format=api", "purl": "pkg:pypi/ansible@3.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@3.0.0" } ], "aliases": [ "CVE-2023-5764", "GHSA-7j69-qfc3-2fq9" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-682j-e2pu-1uee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6043?format=api", "vulnerability_id": "VCID-ae1r-yq1g-rkem", "summary": "A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal. This issue is fixed in 2.10.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1737.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1737.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1737", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30802", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30848", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30983", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.3089", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30889", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30858", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.308", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30936", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30807", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1737" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1737", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1737" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1737", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1737" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-893h-35v4-mxqx", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-893h-35v4-mxqx" }, { "reference_url": "https://github.com/ansible/ansible/issues/67795", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/issues/67795" }, { "reference_url": "https://github.com/ansible/ansible/pull/67799", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/67799" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-9.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-9.yaml" }, { "reference_url": "https://github.com/samdoran/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/samdoran/ansible" }, { "reference_url": "https://github.com/samdoran/ansible/commit/1de638b4d38d6d916588e2ad48d01f90dab8c36d", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/samdoran/ansible/commit/1de638b4d38d6d916588e2ad48d01f90dab8c36d" }, { "reference_url": "https://github.com/samdoran/ansible/commit/aaf549d7870b8687209a3282841b59207735b676", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/samdoran/ansible/commit/aaf549d7870b8687209a3282841b59207735b676" }, { "reference_url": "https://github.com/samdoran/ansible/commit/b60aa26e2313a8d52c0e0d3fd01696e797605b72", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/samdoran/ansible/commit/b60aa26e2313a8d52c0e0d3fd01696e797605b72" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1737", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1737" }, { "reference_url": "https://security.gentoo.org/glsa/202006-11", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202006-11" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802154", "reference_id": "1802154", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802154" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1541", "reference_id": "RHSA-2020:1541", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1541" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1542", "reference_id": "RHSA-2020:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1542" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1543", "reference_id": "RHSA-2020:1543", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1543" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1544", "reference_id": "RHSA-2020:1544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1544" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7570?format=api", "purl": "pkg:pypi/ansible@2.7.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/7572?format=api", "purl": "pkg:pypi/ansible@2.8.0a1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-a49n-tvnt-p3df" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-nukv-kkws-xkb1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-uhg5-zpzt-e3gz" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.0a1" }, { "url": "http://public2.vulnerablecode.io/api/packages/10050?format=api", "purl": "pkg:pypi/ansible@2.8.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/10051?format=api", "purl": "pkg:pypi/ansible@2.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jej-4jyp-cqbt" }, { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6" } ], "aliases": [ "CVE-2020-1737", "GHSA-893h-35v4-mxqx", "PYSEC-2020-9" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ae1r-yq1g-rkem" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13372?format=api", "vulnerability_id": "VCID-atun-stks-4kcb", "summary": "Insertion of Sensitive Information into Log File\nA flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20180.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20180.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20180", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11284", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11312", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11345", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11339", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11285", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11204", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11412", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11355", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11208", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20180" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1915808", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1915808" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20180", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20180" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/blob/v2.8.19/changelogs/CHANGELOG-v2.8.rst", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/blob/v2.8.19/changelogs/CHANGELOG-v2.8.rst" }, { "reference_url": "https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst" }, { "reference_url": "https://github.com/ansible/ansible/pull/73242", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/73242" }, { "reference_url": "https://github.com/ansible/ansible/pull/73243", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/73243" }, { "reference_url": "https://github.com/ansible/ansible/tree/v2.7.18/lib/ansible/modules/source_control", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/tree/v2.7.18/lib/ansible/modules/source_control" }, { "reference_url": "https://github.com/ansible/ansible/tree/v2.8.0a1/lib/ansible/modules/source_control", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/tree/v2.8.0a1/lib/ansible/modules/source_control" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985753", "reference_id": "985753", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985753" }, { "reference_url": "https://security.archlinux.org/ASA-202102-9", "reference_id": "ASA-202102-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202102-9" }, { "reference_url": "https://security.archlinux.org/AVG-1437", "reference_id": "AVG-1437", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1437" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20180", "reference_id": "CVE-2021-20180", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20180" }, { "reference_url": "https://github.com/advisories/GHSA-fh5v-5f35-2rv2", "reference_id": "GHSA-fh5v-5f35-2rv2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fh5v-5f35-2rv2" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0663", "reference_id": "RHSA-2021:0663", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0663" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0664", "reference_id": "RHSA-2021:0664", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0664" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1079", "reference_id": "RHSA-2021:1079", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1079" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2180", "reference_id": "RHSA-2021:2180", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2180" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13291?format=api", "purl": "pkg:pypi/ansible@2.8.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-x94k-nxyd-27gs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/13310?format=api", "purl": "pkg:pypi/ansible@2.9.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.18" } ], "aliases": [ "CVE-2021-20180", "GHSA-fh5v-5f35-2rv2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-atun-stks-4kcb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6601?format=api", "vulnerability_id": "VCID-axc3-wcsk-q3eg", "summary": "A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3583.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3583.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3583", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.5489", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.54913", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.54931", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.54919", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.54804", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.5487", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.54901", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.54875", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.5492", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3583" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968412", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968412" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3583", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3583" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-2pfh-q76x-gwvm", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2pfh-q76x-gwvm" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/commit/03aff644cc1c00e1f7551195c68fbd0d13a39e6e", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/03aff644cc1c00e1f7551195c68fbd0d13a39e6e" }, { "reference_url": "https://github.com/ansible/ansible/commit/8aa850e3573e48c9a2f12aef84e8a3a6f5ba4847", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/8aa850e3573e48c9a2f12aef84e8a3a6f5ba4847" }, { "reference_url": "https://github.com/ansible/ansible/commit/8b17e5b9229ffaecfe10a4881bc3f87dd2c184e1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/8b17e5b9229ffaecfe10a4881bc3f87dd2c184e1" }, { "reference_url": "https://github.com/ansible/ansible/pull/74960", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/74960" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-358.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-358.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html" }, { "reference_url": "https://security.archlinux.org/AVG-2260", "reference_id": "AVG-2260", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2260" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3583", "reference_id": "CVE-2021-3583", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3583" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2663", "reference_id": "RHSA-2021:2663", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2663" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2664", "reference_id": "RHSA-2021:2664", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2664" }, { "reference_url": "https://usn.ubuntu.com/USN-5315-1/", "reference_id": "USN-USN-5315-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5315-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13319?format=api", "purl": "pkg:pypi/ansible@2.9.23rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.23rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/13320?format=api", "purl": "pkg:pypi/ansible@2.9.23", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.23" }, { "url": "http://public2.vulnerablecode.io/api/packages/74280?format=api", "purl": "pkg:pypi/ansible@2.10.11rc1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.11rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/74281?format=api", "purl": "pkg:pypi/ansible@2.11.2rc1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.11.2rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/17553?format=api", "purl": "pkg:pypi/ansible@3.0.0b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@3.0.0b1" } ], "aliases": [ "CVE-2021-3583", "GHSA-2pfh-q76x-gwvm", "PYSEC-2021-358" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-axc3-wcsk-q3eg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6049?format=api", "vulnerability_id": "VCID-b8zs-br97-57av", "summary": "A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument \"password\" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1739.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1739.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1739", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13748", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13797", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13834", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13865", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13815", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.1378", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13874", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.1393", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13732", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1739" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1739", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1739" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10156", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10156" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10206", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10206" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14846", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14846" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14864", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14864" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10684", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10684" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10685", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10685" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10729", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10729" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14332", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14332" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14365", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14365" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1733", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1733" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1735", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1735" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1739", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1739" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1740", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1740" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1746", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1746" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1753" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20228", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20228" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-923p-fr2c-g5m2", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-923p-fr2c-g5m2" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/commit/1a89d4f059c21a818306a39ada7f5284ae125237", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/1a89d4f059c21a818306a39ada7f5284ae125237" }, { "reference_url": "https://github.com/ansible/ansible/commit/6c74a298702c8bb5532b9600073312e08f39680f", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/6c74a298702c8bb5532b9600073312e08f39680f" }, { "reference_url": "https://github.com/ansible/ansible/commit/c6c4fbf4a1fdea1e10ba94462a60c413990a16a4", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/c6c4fbf4a1fdea1e10ba94462a60c413990a16a4" }, { "reference_url": "https://github.com/ansible/ansible/issues/67797", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/issues/67797" }, { "reference_url": "https://github.com/ansible/ansible/pull/68911", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/68911" }, { "reference_url": "https://github.com/ansible/ansible/pull/68912", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/68912" }, { "reference_url": "https://github.com/ansible/ansible/pull/68913", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/68913" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-11.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-11.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1739", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:P/I:P/A:N" }, { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1739" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4950", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-4950" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802178", "reference_id": "1802178", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802178" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1541", "reference_id": "RHSA-2020:1541", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1541" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1542", "reference_id": "RHSA-2020:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1542" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1543", "reference_id": "RHSA-2020:1543", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1543" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1544", "reference_id": "RHSA-2020:1544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1544" }, { "reference_url": "https://usn.ubuntu.com/7330-1/", "reference_id": "USN-7330-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7330-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7570?format=api", "purl": "pkg:pypi/ansible@2.7.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/7572?format=api", "purl": "pkg:pypi/ansible@2.8.0a1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-a49n-tvnt-p3df" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-nukv-kkws-xkb1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-uhg5-zpzt-e3gz" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.0a1" }, { "url": "http://public2.vulnerablecode.io/api/packages/10050?format=api", "purl": "pkg:pypi/ansible@2.8.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/10145?format=api", "purl": "pkg:pypi/ansible@2.8.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/10051?format=api", "purl": "pkg:pypi/ansible@2.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jej-4jyp-cqbt" }, { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/10146?format=api", "purl": "pkg:pypi/ansible@2.9.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.7" } ], "aliases": [ "CVE-2020-1739", "GHSA-923p-fr2c-g5m2", "PYSEC-2020-11" ], "risk_score": 1.8, "exploitability": "0.5", "weighted_severity": "3.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b8zs-br97-57av" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6056?format=api", "vulnerability_id": "VCID-c1xg-s3kx-gkft", "summary": "A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This could lead to the disclosure of sensitive data. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1736.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1736.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1736", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12221", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12184", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12383", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12337", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13875", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13918", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13791", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13866", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13839", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1736" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1736", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1736" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1736", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1736" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-x7jh-595q-wq82", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x7jh-595q-wq82" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/issues/67794", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/issues/67794" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-8.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-8.yaml" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7/" }, { "reference_url": "https://security.gentoo.org/glsa/202006-11", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202006-11" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802124", "reference_id": "1802124", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802124" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966663", "reference_id": "966663", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966663" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1736", "reference_id": "CVE-2020-1736", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "2.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1736" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3600", "reference_id": "RHSA-2020:3600", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3600" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7570?format=api", "purl": "pkg:pypi/ansible@2.7.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/10050?format=api", "purl": "pkg:pypi/ansible@2.8.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/10051?format=api", "purl": "pkg:pypi/ansible@2.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jej-4jyp-cqbt" }, { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/13575?format=api", "purl": "pkg:pypi/ansible@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2jy6-eqpn-wbce" }, { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.1" } ], "aliases": [ "CVE-2020-1736", "GHSA-x7jh-595q-wq82", "PYSEC-2020-8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c1xg-s3kx-gkft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6131?format=api", "vulnerability_id": "VCID-d4ka-dk4p-kfhb", "summary": "A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14904.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14904.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14904", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.1244", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12481", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.1252", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12549", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12498", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12417", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12609", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12567", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12463", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14904" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1776944", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1776944" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10156", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10156" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10206", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10206" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14846", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14846" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14864", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14864" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10684", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10684" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10685", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10685" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10729", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10729" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14332", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14332" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14365", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14365" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1733", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1733" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1735", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1735" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1739", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1739" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1740", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1740" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1746", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1746" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1753" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20228", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20228" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-gwr8-5j83-483c", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gwr8-5j83-483c" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/commit/589a415f887b6f2bb65cd07fe6b2e9d0a8156b69", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/589a415f887b6f2bb65cd07fe6b2e9d0a8156b69" }, { "reference_url": "https://github.com/ansible/ansible/commit/6a86650109b8654f5898369e45d3857624edf907", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/6a86650109b8654f5898369e45d3857624edf907" }, { "reference_url": "https://github.com/ansible/ansible/commit/a1b0f72c98b4b2afaab8aafa255e82c2075049c8", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/a1b0f72c98b4b2afaab8aafa255e82c2075049c8" }, { "reference_url": "https://github.com/ansible/ansible/pull/65686", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/65686" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-161.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-161.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14904", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14904" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4950", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-4950" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0215", "reference_id": "RHSA-2020:0215", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0215" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0217", "reference_id": "RHSA-2020:0217", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0217" }, { "reference_url": "https://usn.ubuntu.com/7330-1/", "reference_id": "USN-7330-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7330-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7568?format=api", "purl": "pkg:pypi/ansible@2.7.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-a49n-tvnt-p3df" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-uhg5-zpzt-e3gz" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/7569?format=api", "purl": "pkg:pypi/ansible@2.7.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/9832?format=api", "purl": "pkg:pypi/ansible@2.8.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-a49n-tvnt-p3df" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-uhg5-zpzt-e3gz" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/10045?format=api", "purl": "pkg:pypi/ansible@2.8.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/10046?format=api", "purl": "pkg:pypi/ansible@2.9.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jej-4jyp-cqbt" }, { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-a49n-tvnt-p3df" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/10047?format=api", "purl": "pkg:pypi/ansible@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jej-4jyp-cqbt" }, { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.3" } ], "aliases": [ "CVE-2019-14904", "GHSA-gwr8-5j83-483c", "PYSEC-2020-161" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d4ka-dk4p-kfhb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6055?format=api", "vulnerability_id": "VCID-d7ez-s7qb-p3ay", "summary": "A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1738.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1738.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1738", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33988", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34012", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34055", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34056", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34025", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33983", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34123", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34092", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33754", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1738" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1738", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L" }, { "value": "1.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1738" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1738", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1738" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-f85h-23mf-2fwh", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "1.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f85h-23mf-2fwh" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L" }, { "value": "1.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/issues/67796", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L" }, { "value": "1.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/issues/67796" }, { "reference_url": "https://github.com/ansible/ansible/pull/67808", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L" }, { "value": "1.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/67808" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-10.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L" }, { "value": "1.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-10.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1738", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:H/Au:N/C:N/I:P/A:P" }, { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L" }, { "value": "1.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1738" }, { "reference_url": "https://security.gentoo.org/glsa/202006-11", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L" }, { "value": "1.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202006-11" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802164", "reference_id": "1802164", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802164" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7570?format=api", "purl": "pkg:pypi/ansible@2.7.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/7572?format=api", "purl": "pkg:pypi/ansible@2.8.0a1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-a49n-tvnt-p3df" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-nukv-kkws-xkb1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-uhg5-zpzt-e3gz" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.0a1" }, { "url": "http://public2.vulnerablecode.io/api/packages/10050?format=api", "purl": "pkg:pypi/ansible@2.8.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/10145?format=api", "purl": "pkg:pypi/ansible@2.8.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/10051?format=api", "purl": "pkg:pypi/ansible@2.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jej-4jyp-cqbt" }, { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/10146?format=api", "purl": "pkg:pypi/ansible@2.9.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.7" } ], "aliases": [ "CVE-2020-1738", "GHSA-f85h-23mf-2fwh", "PYSEC-2020-10" ], "risk_score": 1.8, "exploitability": "0.5", "weighted_severity": "3.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d7ez-s7qb-p3ay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5860?format=api", "vulnerability_id": "VCID-drt9-vx5r-akgm", "summary": "Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html" }, { "reference_url": "http://packetstormsecurity.com/files/172837/Ansible-Fetch-Path-Traversal.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/172837/Ansible-Fetch-Path-Traversal.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3744", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3744" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3789", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3789" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3828.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3828.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-3828", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08479", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08511", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08518", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08499", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08426", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08508", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08454", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08411", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08494", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-3828" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3828", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3828" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10855" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10875", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10875" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16876", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16876" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3828" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-74vq-h4q8-x6jv", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-74vq-h4q8-x6jv" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/commit/396a2f74717477d80600450e2b7e45349d7b5110", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/396a2f74717477d80600450e2b7e45349d7b5110" }, { "reference_url": "https://github.com/ansible/ansible/commit/4be3215d2f9f84ca283895879f0c6ce1ed7dd333", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/4be3215d2f9f84ca283895879f0c6ce1ed7dd333" }, { "reference_url": "https://github.com/ansible/ansible/commit/f3edc091523fbe301926b7a0db25fbbd96940d93", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/f3edc091523fbe301926b7a0db25fbbd96940d93" }, { "reference_url": "https://github.com/ansible/ansible/pull/52133", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/52133" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2019-5.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2019-5.yaml" }, { "reference_url": "https://usn.ubuntu.com/4072-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4072-1" }, { "reference_url": "https://usn.ubuntu.com/4072-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4072-1/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1676689", "reference_id": "1676689", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1676689" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922537", "reference_id": "922537", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922537" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3828", "reference_id": "CVE-2019-3828", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:P/I:P/A:N" }, { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3828" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0430", "reference_id": "RHSA-2019:0430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0431", "reference_id": "RHSA-2019:0431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0432", "reference_id": "RHSA-2019:0432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0432" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0433", "reference_id": "RHSA-2019:0433", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0433" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/8228?format=api", "purl": "pkg:pypi/ansible@2.5.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.5.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/8229?format=api", "purl": "pkg:pypi/ansible@2.6.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-ckt2-us5z-pyef" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-swpr-3qae-d7fe" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.6.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/7561?format=api", "purl": "pkg:pypi/ansible@2.7.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-a49n-tvnt-p3df" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-ckt2-us5z-pyef" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dagf-buer-4ffr" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-swpr-3qae-d7fe" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-uhg5-zpzt-e3gz" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.8" } ], "aliases": [ "CVE-2019-3828", "GHSA-74vq-h4q8-x6jv", "PYSEC-2019-5" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-drt9-vx5r-akgm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6324?format=api", "vulnerability_id": "VCID-e3z2-ydhb-gqfg", "summary": "A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20228.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20228.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20228", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35396", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.3542", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35463", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35454", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35429", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35383", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.355", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35276", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35475", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20228" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925002", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925002" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10156", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10156" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10206", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10206" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14846", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14846" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14864", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14864" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10684", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10684" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10685", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10685" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10729", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10729" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14332", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14332" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14365", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14365" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1733", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1733" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1735", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1735" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1739", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1739" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1740", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1740" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1746", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1746" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1753" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20228", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20228" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-5rrg-rr89-x9mv", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5rrg-rr89-x9mv" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/commit/49ebd509df9de1c1fc1bcee00e79a835dd00662c", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/49ebd509df9de1c1fc1bcee00e79a835dd00662c" }, { "reference_url": "https://github.com/ansible/ansible/commit/e41d1f0a3fd6c466192e7e24accd3d1c6501111b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/e41d1f0a3fd6c466192e7e24accd3d1c6501111b" }, { "reference_url": "https://github.com/ansible/ansible/commit/f8ff395d817c3eddc050f809919c15dfb5796120", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/f8ff395d817c3eddc050f809919c15dfb5796120" }, { "reference_url": "https://github.com/ansible/ansible/pull/73487", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/73487" }, { "reference_url": "https://github.com/ansible/ansible/pull/73492", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/73492" }, { "reference_url": "https://github.com/ansible/ansible/pull/73493", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/73493" }, { "reference_url": "https://github.com/ansible/ansible/pull/73494", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/73494" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-1.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20228", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20228" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4950", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-4950" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0663", "reference_id": "RHSA-2021:0663", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0663" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0664", "reference_id": "RHSA-2021:0664", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0664" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1079", "reference_id": "RHSA-2021:1079", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1079" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2180", "reference_id": "RHSA-2021:2180", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2180" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4288?format=api", "purl": "pkg:pypi/ansible@2.0.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fetz-42jf-nqe8" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hfxe-jjf5-nqd1" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jhxm-379u-subt" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-puq1-z5h7-pkdg" }, { "vulnerability": "VCID-q4q1-aueh-sub2" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-rknj-nkgs-wyg2" }, { "vulnerability": "VCID-s1r4-29kw-5kbg" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-wqm7-2ajr-6ue8" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yc8n-wxb4-1uaz" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zmr4-652z-r3dm" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.0.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/13290?format=api", "purl": "pkg:pypi/ansible@2.8.19rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.19rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/9833?format=api", "purl": "pkg:pypi/ansible@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jej-4jyp-cqbt" }, { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-a49n-tvnt-p3df" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-uhg5-zpzt-e3gz" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/13309?format=api", "purl": "pkg:pypi/ansible@2.9.18rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.18rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/13311?format=api", "purl": "pkg:pypi/ansible@2.9.19rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.19rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/13312?format=api", "purl": "pkg:pypi/ansible@2.9.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/82205?format=api", "purl": "pkg:pypi/ansible@2.10.6rc1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.6rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/17134?format=api", "purl": "pkg:pypi/ansible@2.10.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.6" } ], "aliases": [ "CVE-2021-20228", "GHSA-5rrg-rr89-x9mv", "PYSEC-2021-1" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e3z2-ydhb-gqfg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6053?format=api", "vulnerability_id": "VCID-ezaq-tqd3-4yd1", "summary": "A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. Sensitive parameters such as passwords and tokens are passed to kubectl from the command line, not using an environment variable or an input configuration file. This will disclose passwords and tokens from process list and no_log directive from debug module would not have any effect making these secrets being disclosed on stdout and log files.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1753.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1753.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1753", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.1278", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12825", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12862", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12896", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12816", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12766", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12964", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12914", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12845", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1753" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1753", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1753" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10156", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10156" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10206", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10206" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14846", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14846" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14864", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14864" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10684", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10684" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10685", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10685" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10729", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10729" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14332", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14332" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14365", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14365" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1733", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1733" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1735", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1735" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1739", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1739" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1740", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1740" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1746", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1746" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1753" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20228", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20228" }, { "reference_url": "https://github.com/advisories/GHSA-86hp-cj9j-33vv", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-86hp-cj9j-33vv" }, { "reference_url": "https://github.com/ansible/ansible/commit/04ba05e003b268b83df6c106ba5c0f08548b1380", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/04ba05e003b268b83df6c106ba5c0f08548b1380" }, { "reference_url": "https://github.com/ansible/ansible/commit/137caed836ef096945086cfe75dc11587b68db3a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/137caed836ef096945086cfe75dc11587b68db3a" }, { "reference_url": "https://github.com/ansible/ansible/commit/273d8538dbe5a7b5c9954f1929d3bb00904c43f6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/273d8538dbe5a7b5c9954f1929d3bb00904c43f6" }, { "reference_url": "https://github.com/ansible/ansible/pull/68195", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/68195" }, { "reference_url": "https://github.com/ansible-collections/kubernetes", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible-collections/kubernetes" }, { "reference_url": "https://github.com/ansible-collections/kubernetes/pull/51", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible-collections/kubernetes/pull/51" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-210.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-210.yaml" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1753", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1753" }, { "reference_url": "https://security.gentoo.org/glsa/202006-11", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202006-11" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4950", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-4950" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1811008", "reference_id": "1811008", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1811008" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible_engine:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1541", "reference_id": "RHSA-2020:1541", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1541" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1542", "reference_id": "RHSA-2020:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1542" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2142", "reference_id": "RHSA-2020:2142", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2142" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7570?format=api", "purl": "pkg:pypi/ansible@2.7.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/7571?format=api", "purl": "pkg:pypi/ansible@2.7.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/7572?format=api", "purl": "pkg:pypi/ansible@2.8.0a1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-a49n-tvnt-p3df" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-nukv-kkws-xkb1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-uhg5-zpzt-e3gz" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.0a1" }, { "url": "http://public2.vulnerablecode.io/api/packages/10050?format=api", "purl": "pkg:pypi/ansible@2.8.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/10145?format=api", "purl": "pkg:pypi/ansible@2.8.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/10621?format=api", "purl": "pkg:pypi/ansible@2.8.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/10051?format=api", "purl": "pkg:pypi/ansible@2.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jej-4jyp-cqbt" }, { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/10146?format=api", "purl": "pkg:pypi/ansible@2.9.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.7" } ], "aliases": [ "CVE-2020-1753", "GHSA-86hp-cj9j-33vv", "PYSEC-2020-210" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ezaq-tqd3-4yd1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5761?format=api", "vulnerability_id": "VCID-fetz-42jf-nqe8", "summary": "An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1685", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:1685" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8647.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8647.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2016-8647", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2016-8647" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8647", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38395", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38371", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38235", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38337", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38301", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38276", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38319", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38311", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.3826", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8647" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1396174", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1396174" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8647", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8647" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8647", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8647" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:N/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-x4cm-m36h-c6qj", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x4cm-m36h-c6qj" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible-modules-core/commit/30fb384e7fb9a94ac3929e4a650877e45d8834c9", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible-modules-core/commit/30fb384e7fb9a94ac3929e4a650877e45d8834c9" }, { "reference_url": "https://github.com/ansible/ansible-modules-core/pull/5388", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible-modules-core/pull/5388" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-58.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-58.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844691", "reference_id": "844691", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844691" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8647", "reference_id": "CVE-2016-8647", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8647" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6466?format=api", "purl": "pkg:pypi/ansible@2.2.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jhxm-379u-subt" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-puq1-z5h7-pkdg" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-rknj-nkgs-wyg2" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-wqm7-2ajr-6ue8" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zmr4-652z-r3dm" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.2.1.0" } ], "aliases": [ "CVE-2016-8647", "GHSA-x4cm-m36h-c6qj", "PYSEC-2018-58" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fetz-42jf-nqe8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6457?format=api", "vulnerability_id": "VCID-fj2p-7wkh-1fhq", "summary": "A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20178.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20178.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20178", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13388", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13435", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13471", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13411", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13498", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13448", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13367", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13571", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.1351", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20178" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1914774", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1914774" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20178", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20178" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-wv5p-gmmv-wh9v", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wv5p-gmmv-wh9v" }, { "reference_url": "https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes" }, { "reference_url": "https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes,", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes," }, { "reference_url": "https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes%2C", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes%2C" }, { "reference_url": "https://github.com/ansible-collections/community.general/commit/1d0c5e2ba47724c31a18d7b08b9daf13df8829dc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible-collections/community.general/commit/1d0c5e2ba47724c31a18d7b08b9daf13df8829dc" }, { "reference_url": "https://github.com/ansible-collections/community.general/pull/1635", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible-collections/community.general/pull/1635" }, { "reference_url": "https://github.com/ansible-collections/community.general/pull/1635,", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible-collections/community.general/pull/1635," }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-106.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-106.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20178", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20178" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985753", "reference_id": "985753", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985753" }, { "reference_url": "https://security.archlinux.org/ASA-202102-9", "reference_id": "ASA-202102-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202102-9" }, { "reference_url": "https://security.archlinux.org/AVG-1437", "reference_id": "AVG-1437", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0663", "reference_id": "RHSA-2021:0663", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0663" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0664", "reference_id": "RHSA-2021:0664", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0664" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1079", "reference_id": "RHSA-2021:1079", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1079" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2180", "reference_id": "RHSA-2021:2180", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2180" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13310?format=api", "purl": "pkg:pypi/ansible@2.9.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.18" } ], "aliases": [ "CVE-2021-20178", "GHSA-wv5p-gmmv-wh9v", "PYSEC-2021-106" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fj2p-7wkh-1fhq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8498?format=api", "vulnerability_id": "VCID-geaa-6dxx-tbcw", "summary": "A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3871", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2021:3871" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3872", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2021:3872" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3874", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2021:3874" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4703", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2021:4703" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4750", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2021:4750" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3620.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3620.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2021-3620", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2021-3620" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3620", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0029", "scoring_system": "epss", "scoring_elements": "0.52409", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0029", "scoring_system": "epss", "scoring_elements": "0.52437", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0029", "scoring_system": "epss", "scoring_elements": "0.52402", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0029", "scoring_system": "epss", "scoring_elements": "0.52455", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0029", "scoring_system": "epss", "scoring_elements": "0.52364", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0029", "scoring_system": "epss", "scoring_elements": "0.525", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0029", "scoring_system": "epss", "scoring_elements": "0.52484", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0029", "scoring_system": "epss", "scoring_elements": "0.52468", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0029", "scoring_system": "epss", "scoring_elements": "0.52449", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3620" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975767", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:25Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975767" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3620", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3620" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-4r65-35qq-ch8j", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4r65-35qq-ch8j" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:25Z/" } ], "url": "https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes" }, { "reference_url": "https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:25Z/" } ], "url": "https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2022-164.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2022-164.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:25Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html" }, { "reference_url": "https://security.archlinux.org/AVG-1941", "reference_id": "AVG-1941", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1941" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3620", "reference_id": "CVE-2021-3620", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3620" }, { "reference_url": "https://usn.ubuntu.com/USN-5315-1/", "reference_id": "USN-USN-5315-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5315-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13328?format=api", "purl": "pkg:pypi/ansible@2.9.27", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.27" } ], "aliases": [ "CVE-2021-3620", "GHSA-4r65-35qq-ch8j", "PYSEC-2022-164" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-geaa-6dxx-tbcw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5765?format=api", "vulnerability_id": "VCID-hfxe-jjf5-nqd1", "summary": "A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8614.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8614.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8614", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23411", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23465", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23504", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23486", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23436", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23363", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23582", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23383", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23544", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8614" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8614", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8614", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8614" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-cmwx-9m2h-x7v4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cmwx-9m2h-x7v4" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible-modules-core/commit/1182d1f0b76d56f3667e27987a10b9ec8f03357d", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible-modules-core/commit/1182d1f0b76d56f3667e27987a10b9ec8f03357d" }, { "reference_url": "https://github.com/ansible/ansible-modules-core/commit/66d47c8149d84e52f64b7c4d1f340d45dca94d9c", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible-modules-core/commit/66d47c8149d84e52f64b7c4d1f340d45dca94d9c" }, { "reference_url": "https://github.com/ansible/ansible-modules-core/issues/5237", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible-modules-core/issues/5237" }, { "reference_url": "https://github.com/ansible/ansible-modules-core/pull/5353", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible-modules-core/pull/5353" }, { "reference_url": "https://github.com/ansible/ansible-modules-core/pull/5357", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible-modules-core/pull/5357" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-37.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-37.yaml" }, { "reference_url": "https://web.archive.org/web/20200227214450/https://www.securityfocus.com/bid/94108", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200227214450/https://www.securityfocus.com/bid/94108" }, { "reference_url": "http://www.securityfocus.com/bid/94108", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/94108" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388038", "reference_id": "1388038", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388038" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842984", "reference_id": "842984", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842984" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8614", "reference_id": "CVE-2016-8614", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8614" }, { "reference_url": "https://usn.ubuntu.com/7330-1/", "reference_id": "USN-7330-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7330-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6464?format=api", "purl": "pkg:pypi/ansible@2.2.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fetz-42jf-nqe8" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jhxm-379u-subt" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-puq1-z5h7-pkdg" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-rknj-nkgs-wyg2" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-wqm7-2ajr-6ue8" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yc8n-wxb4-1uaz" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zmr4-652z-r3dm" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.2.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/30861?format=api", "purl": "pkg:pypi/ansible@2.2.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.2.0" } ], "aliases": [ "CVE-2016-8614", "GHSA-cmwx-9m2h-x7v4", "PYSEC-2018-37" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hfxe-jjf5-nqd1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6044?format=api", "vulnerability_id": "VCID-hqar-fca3-cbht", "summary": "A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with \"umask 77 && mkdir -p <dir>\"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating '/proc/<pid>/cmdline'.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1733.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1733.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1733", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08244", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08262", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08283", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08291", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08272", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08208", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08259", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08146", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08205", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1733" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1733", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L" }, { "value": "1.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1733" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10156", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10156" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10206", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10206" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14846", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14846" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14864", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14864" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10684", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10684" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10685", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10685" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10729", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10729" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14332", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14332" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14365", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14365" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1733", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1733" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1735", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1735" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1739", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1739" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1740", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1740" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1746", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1746" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1753" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20228", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20228" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-g4mq-6fp5-qwcf", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "1.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g4mq-6fp5-qwcf" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L" }, { "value": "1.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/commit/80b9a0a25c5f75e84aefc8f2b293fb1933b154f2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L" }, { "value": "1.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/80b9a0a25c5f75e84aefc8f2b293fb1933b154f2" }, { "reference_url": "https://github.com/ansible/ansible/commit/8251d9f4c2bc82632ab992277fcd30ccbf87aa47", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L" }, { "value": "1.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/8251d9f4c2bc82632ab992277fcd30ccbf87aa47" }, { "reference_url": "https://github.com/ansible/ansible/commit/ecf99d5e1ff732a7777010facd6c98bb0994605e", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L" }, { "value": "1.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/ecf99d5e1ff732a7777010facd6c98bb0994605e" }, { "reference_url": "https://github.com/ansible/ansible/issues/67791", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L" }, { "value": "1.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/issues/67791" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-5.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L" }, { "value": "1.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-5.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L" }, { "value": "1.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L" }, { "value": "1.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L" }, { "value": "1.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L" }, { "value": "1.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1733", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:H/Au:N/C:P/I:P/A:P" }, { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L" }, { "value": "1.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1733" }, { "reference_url": "https://security.gentoo.org/glsa/202006-11", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L" }, { "value": "1.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202006-11" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4950", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L" }, { "value": "1.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-4950" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801735", "reference_id": "1801735", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801735" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1541", "reference_id": "RHSA-2020:1541", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1541" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1542", "reference_id": "RHSA-2020:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1542" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1543", "reference_id": "RHSA-2020:1543", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1543" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1544", "reference_id": "RHSA-2020:1544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1544" }, { "reference_url": "https://usn.ubuntu.com/USN-5315-1/", "reference_id": "USN-USN-5315-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5315-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7570?format=api", "purl": "pkg:pypi/ansible@2.7.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/10045?format=api", "purl": "pkg:pypi/ansible@2.8.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/10145?format=api", "purl": "pkg:pypi/ansible@2.8.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/10051?format=api", "purl": "pkg:pypi/ansible@2.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jej-4jyp-cqbt" }, { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/10146?format=api", "purl": "pkg:pypi/ansible@2.9.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.7" } ], "aliases": [ "CVE-2020-1733", "GHSA-g4mq-6fp5-qwcf", "PYSEC-2020-5" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hqar-fca3-cbht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5738?format=api", "vulnerability_id": "VCID-jhxm-379u-subt", "summary": "Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1244", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:1244" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1334", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:1334" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1476", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:1476" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1499", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:1499" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1599", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:1599" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1685", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:1685" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7466.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7466.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7466", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02741", "scoring_system": "epss", "scoring_elements": "0.85982", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02741", "scoring_system": "epss", "scoring_elements": "0.85915", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02741", "scoring_system": "epss", "scoring_elements": "0.85927", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02741", "scoring_system": "epss", "scoring_elements": "0.85943", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02741", "scoring_system": "epss", "scoring_elements": "0.85945", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02741", "scoring_system": "epss", "scoring_elements": "0.85964", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02741", "scoring_system": "epss", "scoring_elements": "0.85974", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02741", "scoring_system": "epss", "scoring_elements": "0.85989", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02741", "scoring_system": "epss", "scoring_elements": "0.85987", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7466" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7466", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7466" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7466", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7466" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/commit/0d418789a298561fded9bce977d34babc9097079", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/0d418789a298561fded9bce977d34babc9097079" }, { "reference_url": "https://github.com/ansible/ansible/commit/7ff9fa52cfcef2065f0db80d85dd94b9b754839c", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/7ff9fa52cfcef2065f0db80d85dd94b9b754839c" }, { "reference_url": "https://github.com/ansible/ansible/issues/24186", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/issues/24186" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-40.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-40.yaml" }, { "reference_url": "https://web.archive.org/web/20170701161323/http://www.securityfocus.com/bid/97595", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20170701161323/http://www.securityfocus.com/bid/97595" }, { "reference_url": "http://www.securityfocus.com/bid/97595", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/97595" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1439212", "reference_id": "1439212", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1439212" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7466", "reference_id": "CVE-2017-7466", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:C/I:C/A:C" }, { "value": "8.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7466" }, { "reference_url": "https://github.com/advisories/GHSA-3m8p-xpm6-8ww3", "reference_id": "GHSA-3m8p-xpm6-8ww3", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3m8p-xpm6-8ww3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6539?format=api", "purl": "pkg:pypi/ansible@2.2.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jhxm-379u-subt" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-puq1-z5h7-pkdg" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-rknj-nkgs-wyg2" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-wqm7-2ajr-6ue8" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zmr4-652z-r3dm" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.2.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/5611?format=api", "purl": "pkg:pypi/ansible@2.3.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1d7-4rje-ayf9" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-puq1-z5h7-pkdg" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-rknj-nkgs-wyg2" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-wqm7-2ajr-6ue8" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zmr4-652z-r3dm" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.3.0.0" } ], "aliases": [ "CVE-2017-7466", "GHSA-3m8p-xpm6-8ww3", "PYSEC-2018-40" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jhxm-379u-subt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5946?format=api", "vulnerability_id": "VCID-jnmu-c8dt-5yb6", "summary": "A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name to the module will cause the task to fail before the no_log options in the sub parameters are processed. As a result, data in the sub parameter fields will not be masked and will be displayed if Ansible is run with increased verbosity and present in the module invocation arguments for the task.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3201", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3201" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3202", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3202" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3203", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3203" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3207", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3207" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0756", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0756" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14858.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14858.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14858", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.1843", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18479", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18624", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18679", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18394", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18475", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18528", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18529", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18481", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14858" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14858", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14858" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14858", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14858" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/commit/0fd656e9964a91f2e8b1e9bbf78c74661ab9d37b", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/0fd656e9964a91f2e8b1e9bbf78c74661ab9d37b" }, { "reference_url": "https://github.com/ansible/ansible/commit/3dfb8e81bb5f776a6b00c7a90dd087e85b71f8bb", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/3dfb8e81bb5f776a6b00c7a90dd087e85b71f8bb" }, { "reference_url": "https://github.com/ansible/ansible/commit/87f8d77d70476454f7fe2381bd363a329ce4266c", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/87f8d77d70476454f7fe2381bd363a329ce4266c" }, { "reference_url": "https://github.com/ansible/ansible/commit/f610ed3a4eb87eb557200606279796921fa9b722", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/f610ed3a4eb87eb557200606279796921fa9b722" }, { "reference_url": "https://github.com/ansible/ansible/pull/63405", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/63405" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2019-171.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2019-171.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14858", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14858" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760593", "reference_id": "1760593", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760593" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942332", "reference_id": "942332", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942332" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible_engine:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-h653-95qw-h2mp", "reference_id": "GHSA-h653-95qw-h2mp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h653-95qw-h2mp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/9396?format=api", "purl": "pkg:pypi/ansible@2.6.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.6.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/7567?format=api", "purl": "pkg:pypi/ansible@2.7.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-a49n-tvnt-p3df" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dagf-buer-4ffr" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-uhg5-zpzt-e3gz" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/7579?format=api", "purl": "pkg:pypi/ansible@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-7uu9-tj6b-quf6" }, { "vulnerability": "VCID-a49n-tvnt-p3df" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-ckt2-us5z-pyef" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dagf-buer-4ffr" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-nukv-kkws-xkb1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-swpr-3qae-d7fe" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-uhg5-zpzt-e3gz" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/9397?format=api", "purl": "pkg:pypi/ansible@2.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-a49n-tvnt-p3df" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dagf-buer-4ffr" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-uhg5-zpzt-e3gz" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/13298?format=api", "purl": "pkg:pypi/ansible@2.9.0rc4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jej-4jyp-cqbt" }, { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-a49n-tvnt-p3df" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-uhg5-zpzt-e3gz" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.0rc4" } ], "aliases": [ "CVE-2019-14858", "GHSA-h653-95qw-h2mp", "PYSEC-2019-171" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jnmu-c8dt-5yb6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/221223?format=api", "vulnerability_id": "VCID-js7k-ptm9-2yh1", "summary": "Ethereum 0xe933c0cd9784414d5f278c114904f5a84b396919#code.sol latest version is affected by a denial of service vulnerability in the affected payout function. Once the length of this array is too long, it will result in an exception. Attackers can make attacks by creating a series of account addresses.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-20178", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00389", "scoring_system": "epss", "scoring_elements": "0.59975", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00389", "scoring_system": "epss", "scoring_elements": "0.59852", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00389", "scoring_system": "epss", "scoring_elements": "0.59928", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00389", "scoring_system": "epss", "scoring_elements": "0.59954", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00389", "scoring_system": "epss", "scoring_elements": "0.59924", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00389", "scoring_system": "epss", "scoring_elements": "0.59974", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00389", "scoring_system": "epss", "scoring_elements": "0.59987", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00389", "scoring_system": "epss", "scoring_elements": "0.60008", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00389", "scoring_system": "epss", "scoring_elements": "0.59993", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-20178" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1914774", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1914774" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20178", "reference_id": "CVE-2020-20178", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20178" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13310?format=api", "purl": "pkg:pypi/ansible@2.9.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.18" } ], "aliases": [ "CVE-2020-20178" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-js7k-ptm9-2yh1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5941?format=api", "vulnerability_id": "VCID-kb5h-116p-33b4", "summary": "In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3201", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3201" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3202", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3202" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3203", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3203" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3207", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3207" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0756", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0756" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14846.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14846.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14846", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35985", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35913", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36104", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36134", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.3597", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36019", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36043", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36048", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.3601", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14846" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14846", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14846" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10156", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10156" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10206", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10206" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14846", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14846" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14864", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14864" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10684", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10684" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10685", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10685" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10729", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10729" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14332", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14332" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14365", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14365" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1733", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1733" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1735", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1735" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1739", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1739" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1740", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1740" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1746", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1746" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1753" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20228", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20228" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/commit/90e74dd2600e5cc42dd9b4f4656f3d651c4ce5c4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/90e74dd2600e5cc42dd9b4f4656f3d651c4ce5c4" }, { "reference_url": "https://github.com/ansible/ansible/commit/cb0f535a8b254a2daf69cd067e842fabb2993034", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/cb0f535a8b254a2daf69cd067e842fabb2993034" }, { "reference_url": "https://github.com/ansible/ansible/commit/d961f676c01023a6a21503df16ba551a550e515b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/d961f676c01023a6a21503df16ba551a550e515b" }, { "reference_url": "https://github.com/ansible/ansible/pull/63366", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/63366" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2019-4.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2019-4.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14846", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14846" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4950", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-4950" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755373", "reference_id": "1755373", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755373" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942188", "reference_id": "942188", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942188" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible_engine:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible_engine:2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:2.8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible_engine:2.8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:2.8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-pm48-cvv2-29q5", "reference_id": "GHSA-pm48-cvv2-29q5", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pm48-cvv2-29q5" }, { "reference_url": "https://usn.ubuntu.com/7330-1/", "reference_id": "USN-7330-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7330-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/9396?format=api", "purl": "pkg:pypi/ansible@2.6.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.6.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/7567?format=api", "purl": "pkg:pypi/ansible@2.7.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-a49n-tvnt-p3df" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dagf-buer-4ffr" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-uhg5-zpzt-e3gz" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/9397?format=api", "purl": "pkg:pypi/ansible@2.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-a49n-tvnt-p3df" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dagf-buer-4ffr" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-uhg5-zpzt-e3gz" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/13294?format=api", "purl": "pkg:pypi/ansible@2.9.0b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jej-4jyp-cqbt" }, { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-a49n-tvnt-p3df" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-uhg5-zpzt-e3gz" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.0b1" } ], "aliases": [ "CVE-2019-14846", "GHSA-pm48-cvv2-29q5", "PYSEC-2019-4" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kb5h-116p-33b4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5825?format=api", "vulnerability_id": "VCID-puq1-z5h7-pkdg", "summary": "ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3835", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3835" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3836", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3836" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3837", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3838", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0564", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:0564" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0590", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:0590" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16876.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16876.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16876", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00638", "scoring_system": "epss", "scoring_elements": "0.70437", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00638", "scoring_system": "epss", "scoring_elements": "0.70446", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00638", "scoring_system": "epss", "scoring_elements": "0.70491", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00638", "scoring_system": "epss", "scoring_elements": "0.70506", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00638", "scoring_system": "epss", "scoring_elements": "0.7053", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00638", "scoring_system": "epss", "scoring_elements": "0.70515", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00638", "scoring_system": "epss", "scoring_elements": "0.70501", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00638", "scoring_system": "epss", "scoring_elements": "0.70451", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00638", "scoring_system": "epss", "scoring_elements": "0.70468", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16876" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16876", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16876" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10855" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10875", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10875" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16876", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16876" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3828" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/commit/0954942dfdc563f80fd3e388f550aa165ec931da", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/0954942dfdc563f80fd3e388f550aa165ec931da" }, { "reference_url": "https://github.com/ansible/ansible/commit/424c68f15ad9f532d73e5afed33ff477f54281a7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/424c68f15ad9f532d73e5afed33ff477f54281a7" }, { "reference_url": "https://github.com/ansible/ansible/commit/e0a81d133ffc8f7067182c53cf6a28c724dd1099", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/e0a81d133ffc8f7067182c53cf6a28c724dd1099" }, { "reference_url": "https://github.com/ansible/ansible/issues/51318", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/issues/51318" }, { "reference_url": "https://github.com/ansible/ansible/pull/49569", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/49569" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2019-141.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2019-141.yaml" }, { "reference_url": "https://usn.ubuntu.com/4072-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4072-1" }, { "reference_url": "https://usn.ubuntu.com/4072-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4072-1/" }, { "reference_url": "https://web.archive.org/web/20200227100904/http://www.securityfocus.com/bid/106225", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200227100904/http://www.securityfocus.com/bid/106225" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4396", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4396" }, { "reference_url": "http://www.securityfocus.com/bid/106225", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/106225" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1657330", "reference_id": "1657330", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1657330" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916102", "reference_id": "916102", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916102" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible_engine:2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:2.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible_engine:2.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:2.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:2.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible_engine:2.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:2.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:2.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible_engine:2.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:2.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openstack:14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:suse:package_hub:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:suse:package_hub:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:suse:package_hub:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16876", "reference_id": "CVE-2018-16876", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:N/A:N" }, { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16876" }, { "reference_url": "https://github.com/advisories/GHSA-j569-fghw-f9rx", "reference_id": "GHSA-j569-fghw-f9rx", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j569-fghw-f9rx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7732?format=api", "purl": "pkg:pypi/ansible@2.5.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b1pw-nusu-27c4" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.5.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/7733?format=api", "purl": "pkg:pypi/ansible@2.6.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b1pw-nusu-27c4" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-ckt2-us5z-pyef" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-swpr-3qae-d7fe" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.6.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/7558?format=api", "purl": "pkg:pypi/ansible@2.7.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-a49n-tvnt-p3df" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b1pw-nusu-27c4" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-ckt2-us5z-pyef" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dagf-buer-4ffr" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-swpr-3qae-d7fe" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-uhg5-zpzt-e3gz" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.5" } ], "aliases": [ "CVE-2018-16876", "GHSA-j569-fghw-f9rx", "PYSEC-2019-141" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-puq1-z5h7-pkdg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5764?format=api", "vulnerability_id": "VCID-q4q1-aueh-sub2", "summary": "Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2778", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:2778" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8628.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8628.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8628", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62098", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.6208", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62031", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62061", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.6203", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62118", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62107", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62086", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.61959", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8628" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8628", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8628" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8628", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8628" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-jg4f-jqm5-4mgq", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jg4f-jqm5-4mgq" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/commit/35938b907dfcd1106ca40b794f0db446bdb8cf09", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/35938b907dfcd1106ca40b794f0db446bdb8cf09" }, { "reference_url": "https://github.com/ansible/ansible/issues/41903", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/issues/41903" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-38.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-38.yaml" }, { "reference_url": "https://web.archive.org/web/20200227214455/http://www.securityfocus.com/bid/94109", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200227214455/http://www.securityfocus.com/bid/94109" }, { "reference_url": "http://www.securityfocus.com/bid/94109", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/94109" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388113", "reference_id": "1388113", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388113" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842985", "reference_id": "842985", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842985" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8628", "reference_id": "CVE-2016-8628", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8628" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6464?format=api", "purl": "pkg:pypi/ansible@2.2.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fetz-42jf-nqe8" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jhxm-379u-subt" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-puq1-z5h7-pkdg" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-rknj-nkgs-wyg2" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-wqm7-2ajr-6ue8" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yc8n-wxb4-1uaz" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zmr4-652z-r3dm" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.2.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/30861?format=api", "purl": "pkg:pypi/ansible@2.2.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.2.0" } ], "aliases": [ "CVE-2016-8628", "GHSA-jg4f-jqm5-4mgq", "PYSEC-2018-38" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q4q1-aueh-sub2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/23740?format=api", "vulnerability_id": "VCID-qbdk-hxhg-wbh4", "summary": "Ansible Community General Collection is vulnerable to exposure of sensitive information\nA flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure (IE) of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes. Attackers with access to logs could retrieve these secrets and potentially compromise Keycloak accounts or administrative access.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14010.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14010.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14010", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03045", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03031", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.0471", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04677", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04694", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04671", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04705", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04717", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14010" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418774", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-05T17:22:53Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418774" }, { "reference_url": "https://github.com/ansible-collections/community.general", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible-collections/community.general" }, { "reference_url": "https://github.com/ansible-collections/community.general/commit/08e56bbb9b57740a879d3057d84cdb02a162b840", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible-collections/community.general/commit/08e56bbb9b57740a879d3057d84cdb02a162b840" }, { "reference_url": "https://github.com/ansible-collections/community.general/commit/54af64ad363efe280b34102d2637fe272c1f7320", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible-collections/community.general/commit/54af64ad363efe280b34102d2637fe272c1f7320" }, { "reference_url": "https://github.com/ansible-collections/community.general/issues/11000", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible-collections/community.general/issues/11000" }, { "reference_url": "https://github.com/ansible-collections/community.general/pull/11005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible-collections/community.general/pull/11005" }, { "reference_url": "https://github.com/ansible-community/ansible-build-data/blob/12.2.0/12/CHANGELOG-v12.md#security-fixes", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible-community/ansible-build-data/blob/12.2.0/12/CHANGELOG-v12.md#security-fixes" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121951", "reference_id": "1121951", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121951" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ceph_storage:5", "reference_id": "cpe:/a:redhat:ceph_storage:5", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ceph_storage:5" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ceph_storage:6", "reference_id": "cpe:/a:redhat:ceph_storage:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ceph_storage:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ceph_storage:7", "reference_id": "cpe:/a:redhat:ceph_storage:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ceph_storage:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ceph_storage:8", "reference_id": "cpe:/a:redhat:ceph_storage:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ceph_storage:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:17.1", "reference_id": "cpe:/a:redhat:openstack:17.1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:17.1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:18.0", "reference_id": "cpe:/a:redhat:openstack:18.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:18.0" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-14010", "reference_id": "CVE-2025-14010", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-05T17:22:53Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-14010" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14010", "reference_id": "CVE-2025-14010", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14010" }, { "reference_url": "https://github.com/advisories/GHSA-8ggh-xwr9-3373", "reference_id": "GHSA-8ggh-xwr9-3373", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8ggh-xwr9-3373" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66749?format=api", "purl": "pkg:pypi/ansible@12.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@12.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/69360?format=api", "purl": "pkg:pypi/ansible@12.2.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@12.2.0" } ], "aliases": [ "CVE-2025-14010", "GHSA-8ggh-xwr9-3373" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qbdk-hxhg-wbh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5812?format=api", "vulnerability_id": "VCID-r6bb-p28b-8fcn", "summary": "Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the plaintext password. Ansible Engine 2.8 and older are believed to be vulnerable.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3770", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3770" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3771", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3771" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3772", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3772" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3773", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3773" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16859.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16859.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16859", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26464", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26567", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.2656", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26512", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26442", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26657", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26612", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26562", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26521", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16859" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16859", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16859" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16859", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16859" }, { "reference_url": "https://cwe.mitre.org/data/definitions/200.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cwe.mitre.org/data/definitions/200.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/blob/v2.5.13/changelogs/CHANGELOG-v2.5.rst", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/blob/v2.5.13/changelogs/CHANGELOG-v2.5.rst" }, { "reference_url": "https://github.com/ansible/ansible/commit/0d746b4198abf84290a093b83cf02b4203d73d9f", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/0d746b4198abf84290a093b83cf02b4203d73d9f" }, { "reference_url": "https://github.com/ansible/ansible/commit/2f8d3fcf41107efafc14d51ab6e14531ca8f8c87", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/2f8d3fcf41107efafc14d51ab6e14531ca8f8c87" }, { "reference_url": "https://github.com/ansible/ansible/commit/4d748d34f9392aa469da00a85c8e2d5fe6cec52b", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/4d748d34f9392aa469da00a85c8e2d5fe6cec52b" }, { "reference_url": "https://github.com/ansible/ansible/commit/8c1f701e6e9df29fe991f98265e2dd76acca4b8c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/8c1f701e6e9df29fe991f98265e2dd76acca4b8c" }, { "reference_url": "https://github.com/ansible/ansible/pull/49142", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/49142" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-60.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-60.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16859", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16859" }, { "reference_url": "https://web.archive.org/web/20200227102121/http://www.securityfocus.com/bid/106004", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200227102121/http://www.securityfocus.com/bid/106004" }, { "reference_url": "http://www.securityfocus.com/bid/106004", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/106004" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1649607", "reference_id": "1649607", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1649607" }, { "reference_url": "https://github.com/advisories/GHSA-v735-2pp6-h86r", "reference_id": "GHSA-v735-2pp6-h86r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v735-2pp6-h86r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7553?format=api", "purl": "pkg:pypi/ansible@2.5.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b1pw-nusu-27c4" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-puq1-z5h7-pkdg" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.5.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/7580?format=api", "purl": "pkg:pypi/ansible@2.5.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b1pw-nusu-27c4" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-puq1-z5h7-pkdg" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.5.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/7555?format=api", "purl": "pkg:pypi/ansible@2.6.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b1pw-nusu-27c4" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-ckt2-us5z-pyef" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-puq1-z5h7-pkdg" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-swpr-3qae-d7fe" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.6.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/7581?format=api", "purl": "pkg:pypi/ansible@2.6.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b1pw-nusu-27c4" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-ckt2-us5z-pyef" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-puq1-z5h7-pkdg" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-swpr-3qae-d7fe" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.6.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/7557?format=api", "purl": "pkg:pypi/ansible@2.7.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-a49n-tvnt-p3df" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b1pw-nusu-27c4" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-ckt2-us5z-pyef" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dagf-buer-4ffr" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-puq1-z5h7-pkdg" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-swpr-3qae-d7fe" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-uhg5-zpzt-e3gz" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/7578?format=api", "purl": "pkg:pypi/ansible@2.7.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-a49n-tvnt-p3df" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b1pw-nusu-27c4" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-ckt2-us5z-pyef" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dagf-buer-4ffr" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-puq1-z5h7-pkdg" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-swpr-3qae-d7fe" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-uhg5-zpzt-e3gz" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/7579?format=api", "purl": "pkg:pypi/ansible@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-7uu9-tj6b-quf6" }, { "vulnerability": "VCID-a49n-tvnt-p3df" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-ckt2-us5z-pyef" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dagf-buer-4ffr" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-nukv-kkws-xkb1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-swpr-3qae-d7fe" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-uhg5-zpzt-e3gz" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.1" } ], "aliases": [ "CVE-2018-16859", "GHSA-v735-2pp6-h86r", "PYSEC-2018-60" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r6bb-p28b-8fcn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6083?format=api", "vulnerability_id": "VCID-rdwq-93d6-c7b4", "summary": "An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9.9 as well as previous versions are affected and Ansible Tower 3.4.5, 3.5.6 and 3.6.4 as well as previous versions are affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10744.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10744.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10744", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11545", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.1157", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11597", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11537", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11452", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11664", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11607", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.1148", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10744" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10744", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L" }, { "value": "2.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10744" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10744", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10744" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-vp9j-rghq-8jhh", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "2.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vp9j-rghq-8jhh" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L" }, { "value": "2.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/commit/77d0effcc5b2da1ef23e4ba32986a9759c27c10d", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L" }, { "value": "2.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/77d0effcc5b2da1ef23e4ba32986a9759c27c10d" }, { "reference_url": "https://github.com/ansible/ansible/commit/84afa8e90cd168ff13208c8eae3e533ce7e21e1f", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L" }, { "value": "2.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/84afa8e90cd168ff13208c8eae3e533ce7e21e1f" }, { "reference_url": "https://github.com/ansible/ansible/commit/ffd3757fc35468a97791e452e7f2d14c3e3fcb80", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L" }, { "value": "2.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/ffd3757fc35468a97791e452e7f2d14c3e3fcb80" }, { "reference_url": "https://github.com/ansible/ansible/issues/69782", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L" }, { "value": "2.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/issues/69782" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-208.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L" }, { "value": "2.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-208.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1835566", "reference_id": "1835566", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1835566" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966660", "reference_id": "966660", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966660" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10744", "reference_id": "CVE-2020-10744", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L" }, { "value": "2.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10744" }, { "reference_url": "https://usn.ubuntu.com/USN-5315-1/", "reference_id": "USN-USN-5315-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5315-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7572?format=api", "purl": "pkg:pypi/ansible@2.8.0a1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-a49n-tvnt-p3df" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-nukv-kkws-xkb1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-uhg5-zpzt-e3gz" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.0a1" }, { "url": "http://public2.vulnerablecode.io/api/packages/10624?format=api", "purl": "pkg:pypi/ansible@2.8.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/10625?format=api", "purl": "pkg:pypi/ansible@2.9.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/13282?format=api", "purl": "pkg:pypi/ansible@2.9.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/13340?format=api", "purl": "pkg:pypi/ansible@2.10.0rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.0rc1" } ], "aliases": [ "CVE-2020-10744", "GHSA-vp9j-rghq-8jhh", "PYSEC-2020-208" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rdwq-93d6-c7b4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6177?format=api", "vulnerability_id": "VCID-rg5d-st3d-nbah", "summary": "A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. This issue affects directly data confidentiality.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25635.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25635.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25635", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25003", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25057", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25098", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25083", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25039", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25199", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.2497", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25158", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25073", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25635" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25635", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25635" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible-collections/community.aws/issues/222", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible-collections/community.aws/issues/222" }, { "reference_url": "https://github.com/ansible-collections/community.aws/pull/237#issuecomment-1468591094", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible-collections/community.aws/pull/237#issuecomment-1468591094" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-220.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-220.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1880275", "reference_id": "1880275", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1880275" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25635", "reference_id": "CVE-2020-25635", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25635" }, { "reference_url": "https://github.com/advisories/GHSA-f556-49jc-4rvc", "reference_id": "GHSA-f556-49jc-4rvc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f556-49jc-4rvc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13575?format=api", "purl": "pkg:pypi/ansible@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2jy6-eqpn-wbce" }, { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.1" } ], "aliases": [ "CVE-2020-25635", "GHSA-f556-49jc-4rvc", "PYSEC-2020-220" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rg5d-st3d-nbah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5797?format=api", "vulnerability_id": "VCID-rknj-nkgs-wyg2", "summary": "Ansible \"User\" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those credentials in clear text form for every user which have access just to the process list.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3460", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3460" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3461", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3462", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3463", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3463" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3505", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3505" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16837.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16837.json" }, { "reference_url": "https://access.redhat.com/security/cve/cve-2018-16837", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/cve-2018-16837" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16837", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12429", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12291", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12329", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12367", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.1236", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12309", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.1223", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12385", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.1227", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16837" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16837", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10855" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10875", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10875" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16876", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16876" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3828" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/blob/c963ef1dfbf73efea5106624eb48b346f01eaefd/changelogs/CHANGELOG-v2.7.rst?plain=1#L138", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/blob/c963ef1dfbf73efea5106624eb48b346f01eaefd/changelogs/CHANGELOG-v2.7.rst?plain=1#L138" }, { "reference_url": "https://github.com/ansible/ansible/blob/stable-2.5/changelogs/CHANGELOG-v2.5.rst#v2511", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/blob/stable-2.5/changelogs/CHANGELOG-v2.5.rst#v2511" }, { "reference_url": "https://github.com/ansible/ansible/blob/stable-2.6/changelogs/CHANGELOG-v2.6.rst#v267", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/blob/stable-2.6/changelogs/CHANGELOG-v2.6.rst#v267" }, { "reference_url": "https://github.com/ansible/ansible/blob/stable-2.7/changelogs/CHANGELOG-v2.7.rst#v2-7-1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/blob/stable-2.7/changelogs/CHANGELOG-v2.7.rst#v2-7-1" }, { "reference_url": "https://github.com/ansible/ansible/commit/77928e6c3a2ad878b20312ce5d74d9d7741e0df0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/77928e6c3a2ad878b20312ce5d74d9d7741e0df0" }, { "reference_url": "https://github.com/ansible/ansible/commit/a0aa53d1a1d6075a7ae98ace138712ee6cb45ae4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/a0aa53d1a1d6075a7ae98ace138712ee6cb45ae4" }, { "reference_url": "https://github.com/ansible/ansible/commit/b618339c321c387230d3ea523e80ad47af3de5cf", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/b618339c321c387230d3ea523e80ad47af3de5cf" }, { "reference_url": "https://github.com/ansible/ansible/commit/f50cc0b8cb399bb7b7c1ad23b94c9404f0cc6d23", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/f50cc0b8cb399bb7b7c1ad23b94c9404f0cc6d23" }, { "reference_url": "https://github.com/ansible/ansible/pull/47436", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/47436" }, { "reference_url": "https://github.com/ansible/ansible/pull/47445", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/47445" }, { "reference_url": "https://github.com/ansible/ansible/pull/47486", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/47486" }, { "reference_url": "https://github.com/ansible/ansible/pull/47487", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/47487" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-44.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-44.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00012.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00012.html" }, { "reference_url": "https://usn.ubuntu.com/4072-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4072-1" }, { "reference_url": "https://usn.ubuntu.com/4072-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4072-1/" }, { "reference_url": "https://web.archive.org/web/20200227105539/http://www.securityfocus.com/bid/105700", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200227105539/http://www.securityfocus.com/bid/105700" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4396", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4396" }, { "reference_url": "http://www.securityfocus.com/bid/105700", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/105700" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1640642", "reference_id": "1640642", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1640642" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912297", "reference_id": "912297", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912297" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16837", "reference_id": "CVE-2018-16837", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16837" }, { "reference_url": "https://github.com/advisories/GHSA-hwrm-63v2-42g4", "reference_id": "GHSA-hwrm-63v2-42g4", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hwrm-63v2-42g4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4288?format=api", "purl": "pkg:pypi/ansible@2.0.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fetz-42jf-nqe8" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hfxe-jjf5-nqd1" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jhxm-379u-subt" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-puq1-z5h7-pkdg" }, { "vulnerability": "VCID-q4q1-aueh-sub2" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-rknj-nkgs-wyg2" }, { "vulnerability": "VCID-s1r4-29kw-5kbg" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-wqm7-2ajr-6ue8" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yc8n-wxb4-1uaz" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zmr4-652z-r3dm" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.0.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/7404?format=api", "purl": "pkg:pypi/ansible@2.5.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b1pw-nusu-27c4" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-puq1-z5h7-pkdg" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.5.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/7403?format=api", "purl": "pkg:pypi/ansible@2.6.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b1pw-nusu-27c4" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-ckt2-us5z-pyef" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-puq1-z5h7-pkdg" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-swpr-3qae-d7fe" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.6.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/7402?format=api", "purl": "pkg:pypi/ansible@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-a49n-tvnt-p3df" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b1pw-nusu-27c4" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-ckt2-us5z-pyef" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dagf-buer-4ffr" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-puq1-z5h7-pkdg" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-swpr-3qae-d7fe" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-uhg5-zpzt-e3gz" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.1" } ], "aliases": [ "CVE-2018-16837", "GHSA-hwrm-63v2-42g4", "PYSEC-2018-44" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rknj-nkgs-wyg2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5513?format=api", "vulnerability_id": "VCID-s1r4-29kw-5kbg", "summary": "The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory.", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183103.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183103.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183132.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183132.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183252.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183252.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183274.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183274.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184175.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184175.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3096.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3096.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3096", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.1098", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11012", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11009", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10955", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.1088", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11056", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10995", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10855", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10957", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3096" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1322925", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1322925" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3096", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3096" }, { "reference_url": "https://github.com/advisories/GHSA-rh6x-qvg7-rrmj", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rh6x-qvg7-rrmj" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/blob/v1.9.6-1/CHANGELOG.md#196-dancing-in-the-street---tbd", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/blob/v1.9.6-1/CHANGELOG.md#196-dancing-in-the-street---tbd" }, { "reference_url": "https://github.com/ansible/ansible/blob/v2.0.2.0-1/CHANGELOG.md#202-over-the-hills-and-far-away", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/blob/v2.0.2.0-1/CHANGELOG.md#202-over-the-hills-and-far-away" }, { "reference_url": "https://github.com/ansible/ansible-modules-extras/commit/7c3999a92a1cd856ff9bc8913a93ff1aee8bffc3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible-modules-extras/commit/7c3999a92a1cd856ff9bc8913a93ff1aee8bffc3" }, { "reference_url": "https://github.com/ansible/ansible-modules-extras/pull/1941", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible-modules-extras/pull/1941" }, { "reference_url": "https://github.com/ansible/ansible-modules-extras/pull/1941/commits/8c6fe646ee79f5e55361b885b7efed5bec72d4a4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible-modules-extras/pull/1941/commits/8c6fe646ee79f5e55361b885b7efed5bec72d4a4" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2016-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2016-1.yaml" }, { "reference_url": "https://groups.google.com/forum/#%21topic/ansible-announce/E80HLZilTU0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#%21topic/ansible-announce/E80HLZilTU0" }, { "reference_url": "https://groups.google.com/forum/#%21topic/ansible-announce/tqiZbcWxYig", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#%21topic/ansible-announce/tqiZbcWxYig" }, { "reference_url": "https://groups.google.com/forum/#!topic/ansible-announce/E80HLZilTU0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/ansible-announce/E80HLZilTU0" }, { "reference_url": "https://groups.google.com/forum/#!topic/ansible-announce/tqiZbcWxYig", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/ansible-announce/tqiZbcWxYig" }, { "reference_url": "https://security.gentoo.org/glsa/201607-14", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/201607-14" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819676", "reference_id": "819676", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819676" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible:2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible:2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible:2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible:2.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible:2.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible:2.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3096", "reference_id": "CVE-2016-3096", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:C/I:C/A:C" }, { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3096" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4291?format=api", "purl": "pkg:pypi/ansible@2.0.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fetz-42jf-nqe8" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hfxe-jjf5-nqd1" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jhxm-379u-subt" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-puq1-z5h7-pkdg" }, { "vulnerability": "VCID-q4q1-aueh-sub2" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-rknj-nkgs-wyg2" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-wqm7-2ajr-6ue8" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yc8n-wxb4-1uaz" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zmr4-652z-r3dm" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.0.2.0" } ], "aliases": [ "CVE-2016-3096", "GHSA-rh6x-qvg7-rrmj", "PYSEC-2016-1" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s1r4-29kw-5kbg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89675?format=api", "vulnerability_id": "VCID-t6db-buke-nfhf", "summary": "A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3744", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3744" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3789", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3789" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10156", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10156" }, { "reference_url": "https://github.com/ansible/ansible/pull/57188", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/pull/57188" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/8970?format=api", "purl": "pkg:pypi/ansible@2.6.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-ckt2-us5z-pyef" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-swpr-3qae-d7fe" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.6.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/7565?format=api", "purl": "pkg:pypi/ansible@2.7.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-a49n-tvnt-p3df" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-ckt2-us5z-pyef" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dagf-buer-4ffr" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-swpr-3qae-d7fe" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-uhg5-zpzt-e3gz" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/8971?format=api", "purl": "pkg:pypi/ansible@2.8.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-7uu9-tj6b-quf6" }, { "vulnerability": "VCID-a49n-tvnt-p3df" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-ckt2-us5z-pyef" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dagf-buer-4ffr" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-nukv-kkws-xkb1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-swpr-3qae-d7fe" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-uhg5-zpzt-e3gz" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.2" } ], "aliases": [ "PYSEC-2019-72" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t6db-buke-nfhf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90800?format=api", "vulnerability_id": "VCID-tdp4-h4ht-pqhs", "summary": "A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1776944", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1776944" }, { "reference_url": "https://github.com/ansible/ansible/pull/65686", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/pull/65686" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7568?format=api", "purl": "pkg:pypi/ansible@2.7.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-a49n-tvnt-p3df" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-uhg5-zpzt-e3gz" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/9832?format=api", "purl": "pkg:pypi/ansible@2.8.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-a49n-tvnt-p3df" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-uhg5-zpzt-e3gz" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/10046?format=api", "purl": "pkg:pypi/ansible@2.9.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jej-4jyp-cqbt" }, { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-a49n-tvnt-p3df" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.2" } ], "aliases": [ "PYSEC-2020-180" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tdp4-h4ht-pqhs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/20488?format=api", "vulnerability_id": "VCID-ujbp-cc1r-wfe9", "summary": "Ansible symlink attack vulnerability\nAn absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5701", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2023:5701" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5758", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2023:5758" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5115.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5115.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5115", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00716", "scoring_system": "epss", "scoring_elements": "0.72353", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00716", "scoring_system": "epss", "scoring_elements": "0.72376", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00716", "scoring_system": "epss", "scoring_elements": "0.72388", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00716", "scoring_system": "epss", "scoring_elements": "0.72404", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00716", "scoring_system": "epss", "scoring_elements": "0.72381", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00716", "scoring_system": "epss", "scoring_elements": "0.7233", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00716", "scoring_system": "epss", "scoring_elements": "0.72335", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00716", "scoring_system": "epss", "scoring_elements": "0.72369", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5115" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233810", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233810" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5115", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5115" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/commit/1e930684bc0a76ec3d094cd326738ad26416541c", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/1e930684bc0a76ec3d094cd326738ad26416541c" }, { "reference_url": "https://github.com/ansible-community/ansible-build-data/blob/16d36538b96c65d9e0e28d89781361b69857ac0e/8/CHANGELOG-v8.rst#L221", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible-community/ansible-build-data/blob/16d36538b96c65d9e0e28d89781361b69857ac0e/8/CHANGELOG-v8.rst#L221" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053693", "reference_id": "1053693", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053693" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-5115", "reference_id": "CVE-2023-5115", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-5115" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5115", "reference_id": "CVE-2023-5115", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5115" }, { "reference_url": "https://github.com/advisories/GHSA-jpvw-p8pr-9g2x", "reference_id": "GHSA-jpvw-p8pr-9g2x", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jpvw-p8pr-9g2x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62082?format=api", "purl": "pkg:pypi/ansible@8.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-qbdk-hxhg-wbh4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@8.5.0" } ], "aliases": [ "CVE-2023-5115", "GHSA-jpvw-p8pr-9g2x" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ujbp-cc1r-wfe9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6141?format=api", "vulnerability_id": "VCID-v3h9-1t69-v7a3", "summary": "An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14330.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14330.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14330", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32894", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32919", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32957", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32955", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32878", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.33048", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.33015", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32884", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32925", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14330" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14330", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10156", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10156" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10206", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10206" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14846", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14846" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14864", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14864" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10684", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10684" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10685", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10685" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10729", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10729" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14332", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14332" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14365", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14365" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1733", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1733" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1735", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1735" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1739", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1739" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1740", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1740" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1746", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1746" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1753" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20228", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20228" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-785x-qw4v-6872", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-785x-qw4v-6872" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/commit/e0f25a2b1f9e6c21f751ba0ed2dc2eee2152983e", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/e0f25a2b1f9e6c21f751ba0ed2dc2eee2152983e" }, { "reference_url": "https://github.com/ansible/ansible/issues/68400", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/issues/68400" }, { "reference_url": "https://github.com/ansible/ansible/pull/69653", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/69653" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-3.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-3.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14330", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14330" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4950", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-4950" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1856815", "reference_id": "1856815", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1856815" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3600", "reference_id": "RHSA-2020:3600", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3600" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13282?format=api", "purl": "pkg:pypi/ansible@2.9.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/13341?format=api", "purl": "pkg:pypi/ansible@2.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.0" } ], "aliases": [ "CVE-2020-14330", "GHSA-785x-qw4v-6872", "PYSEC-2020-3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v3h9-1t69-v7a3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6040?format=api", "vulnerability_id": "VCID-whyk-3ynn-zyf4", "summary": "A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHBA-2020:0547", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHBA-2020:0547" }, { "reference_url": "https://access.redhat.com/errata/RHBA-2020:1539", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHBA-2020:1539" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1734.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1734.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1734", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32653", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32691", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.3269", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32664", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32616", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32795", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32759", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32624", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32626", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1734" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801804", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801804" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1734", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1734" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1734", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1734" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-h39q-95q5-9jfp", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h39q-95q5-9jfp" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/commit/4f978af4ca16ad9828ffe42203b9615425195f8b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/4f978af4ca16ad9828ffe42203b9615425195f8b" }, { "reference_url": "https://github.com/ansible/ansible/commit/963bdd9983b91a48fb6949fb2ef41071e72d0be0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/963bdd9983b91a48fb6949fb2ef41071e72d0be0" }, { "reference_url": "https://github.com/ansible/ansible/commit/bff0724e9eab2770f874e018298f9ab74cc2a78f", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/bff0724e9eab2770f874e018298f9ab74cc2a78f" }, { "reference_url": "https://github.com/ansible/ansible/commit/e5649ca3e807f17e7c034ee22791f107162973b0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/e5649ca3e807f17e7c034ee22791f107162973b0" }, { "reference_url": "https://github.com/ansible/ansible/issues/67792", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/issues/67792" }, { "reference_url": "https://github.com/ansible/ansible/issues/70159", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/issues/70159" }, { "reference_url": "https://github.com/ansible/ansible/pull/70596", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/70596" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-6.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-6.yaml" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2020-1734", "reference_id": "CVE-2020-1734", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2020-1734" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1734", "reference_id": "CVE-2020-1734", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1734" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7570?format=api", "purl": "pkg:pypi/ansible@2.7.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/10624?format=api", "purl": "pkg:pypi/ansible@2.8.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/13280?format=api", "purl": "pkg:pypi/ansible@2.9.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/13340?format=api", "purl": "pkg:pypi/ansible@2.10.0rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.0rc1" } ], "aliases": [ "CVE-2020-1734", "GHSA-h39q-95q5-9jfp", "PYSEC-2020-6" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-whyk-3ynn-zyf4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5745?format=api", "vulnerability_id": "VCID-wqm7-2ajr-6ue8", "summary": "In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHBA-2018:3788", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHBA-2018:3788" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2150", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2150" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2151", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2151" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2152", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2166", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2166" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2321", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2321" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2585", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2585" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0054", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:0054" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10874.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10874.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2018-10874", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2018-10874" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10874", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14406", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14348", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14404", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14441", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14492", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14437", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14354", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14546", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14476", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10874" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596528", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596528" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10874", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10874" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/commit/10d6fe6c98cfee9a7be0fea6102ba5dec951aec7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/10d6fe6c98cfee9a7be0fea6102ba5dec951aec7" }, { "reference_url": "https://github.com/ansible/ansible/commit/1f80949f964a946773f9d3ac1899535bd2cc2b8e", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/1f80949f964a946773f9d3ac1899535bd2cc2b8e" }, { "reference_url": "https://github.com/ansible/ansible/commit/44874addc7ea136f83c67d5869047ece02645fdb", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/44874addc7ea136f83c67d5869047ece02645fdb" }, { "reference_url": "https://github.com/ansible/ansible/pull/42067", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/42067" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-81.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-81.yaml" }, { "reference_url": "https://usn.ubuntu.com/4072-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4072-1" }, { "reference_url": "https://usn.ubuntu.com/4072-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4072-1/" }, { "reference_url": "https://web.archive.org/web/20201130165946/http://www.securitytracker.com/id/1041396", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201130165946/http://www.securitytracker.com/id/1041396" }, { "reference_url": "http://www.securitytracker.com/id/1041396", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1041396" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible_engine:2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:2.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible_engine:2.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:2.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:2.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible_engine:2.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:2.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:2.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible_engine:2.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:2.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10874", "reference_id": "CVE-2018-10874", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10874" }, { "reference_url": "https://github.com/advisories/GHSA-3xvg-x47j-x75w", "reference_id": "GHSA-3xvg-x47j-x75w", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3xvg-x47j-x75w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4288?format=api", "purl": "pkg:pypi/ansible@2.0.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fetz-42jf-nqe8" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hfxe-jjf5-nqd1" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jhxm-379u-subt" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-puq1-z5h7-pkdg" }, { "vulnerability": "VCID-q4q1-aueh-sub2" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-rknj-nkgs-wyg2" }, { "vulnerability": "VCID-s1r4-29kw-5kbg" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-wqm7-2ajr-6ue8" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yc8n-wxb4-1uaz" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zmr4-652z-r3dm" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.0.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/6632?format=api", "purl": "pkg:pypi/ansible@2.4.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-puq1-z5h7-pkdg" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-rknj-nkgs-wyg2" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-y91x-2rch-pkar" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/6633?format=api", "purl": "pkg:pypi/ansible@2.5.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b1pw-nusu-27c4" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-puq1-z5h7-pkdg" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-rknj-nkgs-wyg2" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-y91x-2rch-pkar" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.5.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/6634?format=api", "purl": "pkg:pypi/ansible@2.6.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b1pw-nusu-27c4" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-ckt2-us5z-pyef" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-puq1-z5h7-pkdg" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-rknj-nkgs-wyg2" }, { "vulnerability": "VCID-swpr-3qae-d7fe" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.6.1" } ], "aliases": [ "CVE-2018-10874", "GHSA-3xvg-x47j-x75w", "PYSEC-2018-81" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wqm7-2ajr-6ue8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5914?format=api", "vulnerability_id": "VCID-x5e2-7whc-v3fc", "summary": "A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3744", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3744" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3789", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3789" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10156.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10156.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10156", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.005", "scoring_system": "epss", "scoring_elements": "0.65949", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00653", "scoring_system": "epss", "scoring_elements": "0.70844", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00653", "scoring_system": "epss", "scoring_elements": "0.7083", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00653", "scoring_system": "epss", "scoring_elements": "0.70837", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00653", "scoring_system": "epss", "scoring_elements": "0.70862", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00653", "scoring_system": "epss", "scoring_elements": "0.70881", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00653", "scoring_system": "epss", "scoring_elements": "0.70896", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00653", "scoring_system": "epss", "scoring_elements": "0.70919", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00653", "scoring_system": "epss", "scoring_elements": "0.70904", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10156" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10156", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10156" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10156", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10156" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10206", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10206" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14846", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14846" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14864", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14864" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10684", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10684" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10685", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10685" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10729", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10729" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14332", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14332" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14365", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14365" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1733", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1733" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1735", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1735" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1739", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1739" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1740", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1740" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1746", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1746" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1753" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20228", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20228" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-grgm-pph5-j5h7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-grgm-pph5-j5h7" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/commit/04e94274fb92e116e9082cc9b86b1fd05c836922", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/04e94274fb92e116e9082cc9b86b1fd05c836922" }, { "reference_url": "https://github.com/ansible/ansible/commit/3ff6505e8ff0e4655bab008886983476ef903375", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/3ff6505e8ff0e4655bab008886983476ef903375" }, { "reference_url": "https://github.com/ansible/ansible/commit/a11c3edfa41e7e4a4db323cdabfc2eae1b61da2a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/a11c3edfa41e7e4a4db323cdabfc2eae1b61da2a" }, { "reference_url": "https://github.com/ansible/ansible/pull/57188", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/57188" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2019-2.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2019-2.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10156", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10156" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4950", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-4950" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1717311", "reference_id": "1717311", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1717311" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930065", "reference_id": "930065", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930065" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1705", "reference_id": "RHSA-2019:1705", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1705" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1706", "reference_id": "RHSA-2019:1706", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1706" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1707", "reference_id": "RHSA-2019:1707", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1707" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1708", "reference_id": "RHSA-2019:1708", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1708" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/8970?format=api", "purl": "pkg:pypi/ansible@2.6.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-ckt2-us5z-pyef" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-swpr-3qae-d7fe" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.6.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/7565?format=api", "purl": "pkg:pypi/ansible@2.7.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-a49n-tvnt-p3df" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-ckt2-us5z-pyef" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dagf-buer-4ffr" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-swpr-3qae-d7fe" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-uhg5-zpzt-e3gz" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/8971?format=api", "purl": "pkg:pypi/ansible@2.8.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-7uu9-tj6b-quf6" }, { "vulnerability": "VCID-a49n-tvnt-p3df" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-ckt2-us5z-pyef" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dagf-buer-4ffr" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-nukv-kkws-xkb1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-swpr-3qae-d7fe" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-uhg5-zpzt-e3gz" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.2" } ], "aliases": [ "CVE-2019-10156", "GHSA-grgm-pph5-j5h7", "PYSEC-2019-2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x5e2-7whc-v3fc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6461?format=api", "vulnerability_id": "VCID-x94k-nxyd-27gs", "summary": "A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords are exposed at once for the file. This flaw affects Ansible Engine versions before 2.9.6.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10729.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10729.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10729", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23336", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.2329", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.2339", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23427", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23408", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23358", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23285", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23464", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23501", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10729" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1831089", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1831089" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10156", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10156" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10206", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10206" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14846", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14846" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14864", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14864" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10684", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10684" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10685", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10685" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10729", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10729" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14332", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14332" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14365", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14365" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1733", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1733" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1735", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1735" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1739", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1739" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1740", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1740" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1746", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1746" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1753" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20228", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20228" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-r6h7-5pq2-j77h", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r6h7-5pq2-j77h" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/blob/v2.9.6/changelogs/CHANGELOG-v2.9.rst", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/blob/v2.9.6/changelogs/CHANGELOG-v2.9.rst" }, { "reference_url": "https://github.com/ansible/ansible/commit/c520d70bf4748c8ee6718a7d0d0254051ba1c2e9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/c520d70bf4748c8ee6718a7d0d0254051ba1c2e9" }, { "reference_url": "https://github.com/ansible/ansible/issues/34144", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/issues/34144" }, { "reference_url": "https://github.com/ansible/ansible/pull/67429", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/67429" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-105.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-105.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10729", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10729" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4950", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-4950" }, { "reference_url": "https://usn.ubuntu.com/7330-1/", "reference_id": "USN-7330-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7330-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/10051?format=api", "purl": "pkg:pypi/ansible@2.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jej-4jyp-cqbt" }, { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6" } ], "aliases": [ "CVE-2020-10729", "GHSA-r6h7-5pq2-j77h", "PYSEC-2021-105" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x94k-nxyd-27gs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6459?format=api", "vulnerability_id": "VCID-xw8r-fn6y-mbhp", "summary": "A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20191.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20191.json" }, { "reference_url": "https://access.redhat.com/security/cve/cve-2021-20191", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/cve-2021-20191" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20191", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11217", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11266", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.1121", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11131", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11315", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11255", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11108", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11243", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11277", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20191" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20191", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20191" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-8f4m-hccc-8qph", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8f4m-hccc-8qph" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/commit/cc82d986c40328d4ae81298a9d287c95a6326bb0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/cc82d986c40328d4ae81298a9d287c95a6326bb0" }, { "reference_url": "https://github.com/ansible/ansible/commit/d74a1b1d1325af2a24848044cf2858987f5a3ecc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/d74a1b1d1325af2a24848044cf2858987f5a3ecc" }, { "reference_url": "https://github.com/ansible/ansible/pull/73488", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/73488" }, { "reference_url": "https://github.com/ansible/ansible/pull/73489", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/73489" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-124.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-124.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20191", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20191" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985753", "reference_id": "985753", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985753" }, { "reference_url": "https://security.archlinux.org/ASA-202102-9", "reference_id": "ASA-202102-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202102-9" }, { "reference_url": "https://security.archlinux.org/AVG-1437", "reference_id": "AVG-1437", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0663", "reference_id": "RHSA-2021:0663", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0663" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0664", "reference_id": "RHSA-2021:0664", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0664" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1079", "reference_id": "RHSA-2021:1079", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1079" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2180", "reference_id": "RHSA-2021:2180", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2180" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13290?format=api", "purl": "pkg:pypi/ansible@2.8.19rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.19rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/13291?format=api", "purl": "pkg:pypi/ansible@2.8.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-x94k-nxyd-27gs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/13309?format=api", "purl": "pkg:pypi/ansible@2.9.18rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.18rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/13310?format=api", "purl": "pkg:pypi/ansible@2.9.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/17135?format=api", "purl": "pkg:pypi/ansible@2.10.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.7" } ], "aliases": [ "CVE-2021-20191", "GHSA-8f4m-hccc-8qph", "PYSEC-2021-124" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xw8r-fn6y-mbhp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5753?format=api", "vulnerability_id": "VCID-y91x-2rch-pkar", "summary": "A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html" }, { "reference_url": "https://access.redhat.com/errata/RHBA-2018:3788", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHBA-2018:3788" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2150", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2150" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2151", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2151" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2152", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2166", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2166" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2321", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2321" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2585", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2585" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0054", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:0054" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10875.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10875.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10875", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13325", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13206", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13233", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13255", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13293", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13334", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13397", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13194", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13274", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10875" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10875", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10875" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10855" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10875", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10875" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16876", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16876" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3828" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/commit/4cecbe81adbc655d7ab734165d3ac539f8ba5981", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/4cecbe81adbc655d7ab734165d3ac539f8ba5981" }, { "reference_url": "https://github.com/ansible/ansible/commit/f32c42c37aaf7b9db93ea3151b2f42a0c4bd8172", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/f32c42c37aaf7b9db93ea3151b2f42a0c4bd8172" }, { "reference_url": "https://github.com/ansible/ansible/commit/ff980afefdbe4ceb828bdb1bb2eef03cf616bf63", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/ff980afefdbe4ceb828bdb1bb2eef03cf616bf63" }, { "reference_url": "https://github.com/ansible/ansible/issues/42388", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/issues/42388" }, { "reference_url": "https://github.com/ansible/ansible/pull/42070", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/42070" }, { "reference_url": "https://github.com/ansible/ansible/pull/43583", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/43583" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-43.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-43.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html" }, { "reference_url": "https://usn.ubuntu.com/4072-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4072-1" }, { "reference_url": "https://usn.ubuntu.com/4072-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4072-1/" }, { "reference_url": "https://web.archive.org/web/20201130165946/http://www.securitytracker.com/id/1041396", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201130165946/http://www.securitytracker.com/id/1041396" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4396", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4396" }, { "reference_url": "http://www.securitytracker.com/id/1041396", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1041396" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596533", "reference_id": "1596533", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596533" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible_engine:2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:2.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible_engine:2.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:2.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:2.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible_engine:2.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:2.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:2.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible_engine:2.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:2.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ceph_storage:2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ceph_storage:2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ceph_storage:2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ceph_storage:3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ceph_storage:3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ceph_storage:3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:gluster_storage:3.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:gluster_storage:3.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:gluster_storage:3.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:3.0:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:redhat:openshift:3.0:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:3.0:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:suse:package_hub:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:suse:package_hub:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:suse:package_hub:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10875", "reference_id": "CVE-2018-10875", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10875" }, { "reference_url": "https://github.com/advisories/GHSA-fc4h-467w-46rh", "reference_id": "GHSA-fc4h-467w-46rh", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fc4h-467w-46rh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4288?format=api", "purl": "pkg:pypi/ansible@2.0.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fetz-42jf-nqe8" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hfxe-jjf5-nqd1" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jhxm-379u-subt" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-puq1-z5h7-pkdg" }, { "vulnerability": "VCID-q4q1-aueh-sub2" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-rknj-nkgs-wyg2" }, { "vulnerability": "VCID-s1r4-29kw-5kbg" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-wqm7-2ajr-6ue8" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yc8n-wxb4-1uaz" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zmr4-652z-r3dm" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.0.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/6632?format=api", "purl": "pkg:pypi/ansible@2.4.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-puq1-z5h7-pkdg" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-rknj-nkgs-wyg2" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-y91x-2rch-pkar" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/6633?format=api", "purl": "pkg:pypi/ansible@2.5.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b1pw-nusu-27c4" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-puq1-z5h7-pkdg" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-rknj-nkgs-wyg2" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-y91x-2rch-pkar" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.5.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/6634?format=api", "purl": "pkg:pypi/ansible@2.6.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b1pw-nusu-27c4" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-ckt2-us5z-pyef" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-puq1-z5h7-pkdg" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-rknj-nkgs-wyg2" }, { "vulnerability": "VCID-swpr-3qae-d7fe" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.6.1" } ], "aliases": [ "CVE-2018-10875", "GHSA-fc4h-467w-46rh", "PYSEC-2018-43" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y91x-2rch-pkar" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5724?format=api", "vulnerability_id": "VCID-yc8n-wxb4-1uaz", "summary": "Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2017-0195.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0195.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2017-0260.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0260.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0448", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:0448" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0515", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:0515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1685", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:1685" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9587.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9587.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9587", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04078", "scoring_system": "epss", "scoring_elements": "0.88554", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04078", "scoring_system": "epss", "scoring_elements": "0.8855", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04078", "scoring_system": "epss", "scoring_elements": "0.88545", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.04078", "scoring_system": "epss", "scoring_elements": "0.88527", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04078", "scoring_system": "epss", "scoring_elements": "0.88523", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04078", "scoring_system": "epss", "scoring_elements": "0.88506", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04078", "scoring_system": "epss", "scoring_elements": "0.88499", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04078", "scoring_system": "epss", "scoring_elements": "0.88561", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9587" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9587", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9587" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9587", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9587" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:C/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-m956-frf4-m2wr", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m956-frf4-m2wr" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-39.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-39.yaml" }, { "reference_url": "https://security.gentoo.org/glsa/201701-77", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/201701-77" }, { "reference_url": "https://web.archive.org/web/20170115210655/http://www.securityfocus.com/bid/95352", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20170115210655/http://www.securityfocus.com/bid/95352" }, { "reference_url": "https://www.exploit-db.com/exploits/41013", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/41013" }, { "reference_url": "https://www.exploit-db.com/exploits/41013/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/41013/" }, { "reference_url": "http://www.securityfocus.com/bid/95352", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/95352" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404378", "reference_id": "1404378", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404378" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850846", "reference_id": "850846", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850846" }, { "reference_url": "https://security.archlinux.org/AVG-137", "reference_id": "AVG-137", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-137" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ansible:ansible:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ansible:ansible:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ansible:ansible:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9587", "reference_id": "CVE-2016-9587", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:C/I:C/A:C" }, { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9587" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/41013.txt", "reference_id": "CVE-2016-9587;CT-2017-0109", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/41013.txt" }, { "reference_url": "https://www.computest.nl/advisories/CT-2017-0109_Ansible.txt", "reference_id": "CVE-2016-9587;CT-2017-0109", "reference_type": "exploit", "scores": [], "url": "https://www.computest.nl/advisories/CT-2017-0109_Ansible.txt" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0195", "reference_id": "RHSA-2017:0195", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0195" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0260", "reference_id": "RHSA-2017:0260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0260" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6465?format=api", "purl": "pkg:pypi/ansible@2.1.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fetz-42jf-nqe8" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hfxe-jjf5-nqd1" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jhxm-379u-subt" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-puq1-z5h7-pkdg" }, { "vulnerability": "VCID-q4q1-aueh-sub2" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-rknj-nkgs-wyg2" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-wqm7-2ajr-6ue8" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zmr4-652z-r3dm" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.1.4.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/6466?format=api", "purl": "pkg:pypi/ansible@2.2.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jhxm-379u-subt" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-puq1-z5h7-pkdg" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-rknj-nkgs-wyg2" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-wqm7-2ajr-6ue8" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zmr4-652z-r3dm" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.2.1.0" } ], "aliases": [ "CVE-2016-9587", "GHSA-m956-frf4-m2wr", "PYSEC-2018-39" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yc8n-wxb4-1uaz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6140?format=api", "vulnerability_id": "VCID-yeea-n94x-qqch", "summary": "A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14332.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14332.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14332", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35362", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35384", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.3542", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35419", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35394", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35348", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35465", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.3544", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35239", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14332" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14332", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14332" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10156", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10156" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10206", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10206" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14846", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14846" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14864", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14864" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10684", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10684" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10685", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10685" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10729", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10729" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14332", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14332" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14365", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14365" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1733", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1733" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1735", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1735" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1739", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1739" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1740", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1740" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1746", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1746" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1753" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20228", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20228" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-j667-c2hm-f2wp", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j667-c2hm-f2wp" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/blob/stable-2.10/changelogs/CHANGELOG-v2.10.rst#security-fixes-3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/blob/stable-2.10/changelogs/CHANGELOG-v2.10.rst#security-fixes-3" }, { "reference_url": "https://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELOG-v2.8.rst#security-fixes-4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELOG-v2.8.rst#security-fixes-4" }, { "reference_url": "https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes-6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes-6" }, { "reference_url": "https://github.com/ansible/ansible/commit/291f94934c8c49eef85e6539087f2dfcd001fe4f", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/291f94934c8c49eef85e6539087f2dfcd001fe4f" }, { "reference_url": "https://github.com/ansible/ansible/commit/6cae9a4b168df776bf82deb04b2c62e00c38b49a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/6cae9a4b168df776bf82deb04b2c62e00c38b49a" }, { "reference_url": "https://github.com/ansible/ansible/commit/714cd2ad2eff7f003d728414afcb91591fad5d9a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/714cd2ad2eff7f003d728414afcb91591fad5d9a" }, { "reference_url": "https://github.com/ansible/ansible/pull/71033", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/71033" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-4.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-4.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14332", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14332" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4950", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-4950" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1857805", "reference_id": "1857805", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1857805" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966672", "reference_id": "966672", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966672" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3600", "reference_id": "RHSA-2020:3600", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3600" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13281?format=api", "purl": "pkg:pypi/ansible@2.8.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/13282?format=api", "purl": "pkg:pypi/ansible@2.9.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/80725?format=api", "purl": "pkg:pypi/ansible@2.10.1rc2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.1rc2" }, { "url": "http://public2.vulnerablecode.io/api/packages/13575?format=api", "purl": "pkg:pypi/ansible@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2jy6-eqpn-wbce" }, { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.1" } ], "aliases": [ "CVE-2020-14332", "GHSA-j667-c2hm-f2wp", "PYSEC-2020-4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yeea-n94x-qqch" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90157?format=api", "vulnerability_id": "VCID-ykxk-6mpc-wkgt", "summary": "In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3201", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3201" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3202", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3202" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3203", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3203" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3207", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3207" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0756" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14846", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14846" }, { "reference_url": "https://github.com/ansible/ansible/pull/63366", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/pull/63366" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/9396?format=api", "purl": "pkg:pypi/ansible@2.6.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.6.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/7567?format=api", "purl": "pkg:pypi/ansible@2.7.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-a49n-tvnt-p3df" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dagf-buer-4ffr" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-uhg5-zpzt-e3gz" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/9397?format=api", "purl": "pkg:pypi/ansible@2.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-a49n-tvnt-p3df" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dagf-buer-4ffr" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-uhg5-zpzt-e3gz" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.6" } ], "aliases": [ "PYSEC-2019-74" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ykxk-6mpc-wkgt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6054?format=api", "vulnerability_id": "VCID-yur3-am6j-w7ay", "summary": "A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes \"ansible-vault edit\", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1740.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1740.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1740", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08182", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.082", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08221", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08229", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08212", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08059", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08196", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08149", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08143", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1740" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1740", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1740" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10156", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10156" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10206", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10206" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14846", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14846" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14864", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14864" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10684", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10684" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10685", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10685" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10729", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10729" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14332", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14332" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14365", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14365" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1733", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1733" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1735", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1735" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1739", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1739" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1740", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1740" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1746", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1746" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1753" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20228", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20228" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-vcg8-98q8-g7mj", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vcg8-98q8-g7mj" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/commit/28f9fbdb5e281976e33f443193047068afb97a9b", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/28f9fbdb5e281976e33f443193047068afb97a9b" }, { "reference_url": "https://github.com/ansible/ansible/commit/2a563514f070a0a8ba64aebf6bce21194be96c73", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/2a563514f070a0a8ba64aebf6bce21194be96c73" }, { "reference_url": "https://github.com/ansible/ansible/commit/685a4b6d3ff72186d2b4ffce73172a5446a71ccc", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/685a4b6d3ff72186d2b4ffce73172a5446a71ccc" }, { "reference_url": "https://github.com/ansible/ansible/commit/ef32a5bf96a89107986375516285253c1380d7ef", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/ef32a5bf96a89107986375516285253c1380d7ef" }, { "reference_url": "https://github.com/ansible/ansible/issues/67798", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/issues/67798" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-12.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-12.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1740", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.9", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:P/I:N/A:N" }, { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1740" }, { "reference_url": "https://security.gentoo.org/glsa/202006-11", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202006-11" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4950", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2021/dsa-4950" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802193", "reference_id": "1802193", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802193" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1541", "reference_id": "RHSA-2020:1541", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1541" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1542", "reference_id": "RHSA-2020:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1542" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1543", "reference_id": "RHSA-2020:1543", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1543" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1544", "reference_id": "RHSA-2020:1544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1544" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7570?format=api", "purl": "pkg:pypi/ansible@2.7.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/7572?format=api", "purl": "pkg:pypi/ansible@2.8.0a1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-a49n-tvnt-p3df" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-nukv-kkws-xkb1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-uhg5-zpzt-e3gz" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.0a1" }, { "url": "http://public2.vulnerablecode.io/api/packages/10050?format=api", "purl": "pkg:pypi/ansible@2.8.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/10145?format=api", "purl": "pkg:pypi/ansible@2.8.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/10051?format=api", "purl": "pkg:pypi/ansible@2.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jej-4jyp-cqbt" }, { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/10146?format=api", "purl": "pkg:pypi/ansible@2.9.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.7" } ], "aliases": [ "CVE-2020-1740", "GHSA-vcg8-98q8-g7mj", "PYSEC-2020-12" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yur3-am6j-w7ay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5755?format=api", "vulnerability_id": "VCID-zmr4-652z-r3dm", "summary": "Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1244", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:1244" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1334", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:1334" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1476", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:1476" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1499", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:1499" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1599", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:1599" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2524", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2524" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7481.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7481.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7481", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01923", "scoring_system": "epss", "scoring_elements": "0.83292", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01923", "scoring_system": "epss", "scoring_elements": "0.83348", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01923", "scoring_system": "epss", "scoring_elements": "0.83357", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01923", "scoring_system": "epss", "scoring_elements": "0.83372", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01923", "scoring_system": "epss", "scoring_elements": "0.83366", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01923", "scoring_system": "epss", "scoring_elements": "0.83324", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01923", "scoring_system": "epss", "scoring_elements": "0.83308", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03507", "scoring_system": "epss", "scoring_elements": "0.87622", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7481" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7481", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7481" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7481", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7481" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-w578-j992-554x", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w578-j992-554x" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/commit/a1886911fcf4b691130cfc70dfc5daa5e07c46a3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/a1886911fcf4b691130cfc70dfc5daa5e07c46a3" }, { "reference_url": "https://github.com/ansible/ansible/commit/ed56f51f185a1ffd7ea57130d260098686fcc7c2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/ed56f51f185a1ffd7ea57130d260098686fcc7c2" }, { "reference_url": "https://github.com/ansible/ansible/commit/f0e348f5eeb70c1fb3127d90891da43b5c0a9d29", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/f0e348f5eeb70c1fb3127d90891da43b5c0a9d29" }, { "reference_url": "https://github.com/ansible/ansible/commit/fd30f5328986f9e1da434474481f32bf918a600c", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/fd30f5328986f9e1da434474481f32bf918a600c" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-41.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-41.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html" }, { "reference_url": "https://usn.ubuntu.com/4072-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4072-1" }, { "reference_url": "https://usn.ubuntu.com/4072-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4072-1/" }, { "reference_url": "https://web.archive.org/web/20170801122609/http://www.securityfocus.com/bid/98492", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20170801122609/http://www.securityfocus.com/bid/98492" }, { "reference_url": "http://www.securityfocus.com/bid/98492", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/98492" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1450018", "reference_id": "1450018", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1450018" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862666", "reference_id": "862666", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862666" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible_engine:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:gluster_storage:3.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:gluster_storage:3.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:gluster_storage:3.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openshift_container_platform:3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openshift_container_platform:3.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openshift_container_platform:3.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:storage_console:2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:storage_console:2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:storage_console:2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:virtualization:4.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:virtualization:4.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:virtualization:4.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:virtualization_manager:4.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:virtualization_manager:4.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:virtualization_manager:4.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7481", "reference_id": "CVE-2017-7481", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7481" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6537?format=api", "purl": "pkg:pypi/ansible@2.1.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fetz-42jf-nqe8" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hfxe-jjf5-nqd1" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jhxm-379u-subt" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-puq1-z5h7-pkdg" }, { "vulnerability": "VCID-q4q1-aueh-sub2" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-rknj-nkgs-wyg2" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-wqm7-2ajr-6ue8" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zmr4-652z-r3dm" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.1.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/6539?format=api", "purl": "pkg:pypi/ansible@2.2.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jhxm-379u-subt" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-puq1-z5h7-pkdg" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-rknj-nkgs-wyg2" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-wqm7-2ajr-6ue8" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zmr4-652z-r3dm" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.2.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/5612?format=api", "purl": "pkg:pypi/ansible@2.3.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1d7-4rje-ayf9" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-puq1-z5h7-pkdg" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-rknj-nkgs-wyg2" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-wqm7-2ajr-6ue8" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.3.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/5614?format=api", "purl": "pkg:pypi/ansible@2.4.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jh2-znva-2bb6" }, { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-5hwt-gkgx-jqb4" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1d7-4rje-ayf9" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-puq1-z5h7-pkdg" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-rknj-nkgs-wyg2" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-wqm7-2ajr-6ue8" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-y91x-2rch-pkar" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.4.0.0" } ], "aliases": [ "CVE-2017-7481", "GHSA-w578-j992-554x", "PYSEC-2018-41" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zmr4-652z-r3dm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6057?format=api", "vulnerability_id": "VCID-zzzs-scbg-bbe9", "summary": "A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1735.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1735.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1735", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.36287", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.36308", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.36344", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.36338", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.36206", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.36268", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.36433", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.364", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.36316", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1735" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1735", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1735" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10156", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10156" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10206", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10206" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14846", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14846" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14864", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14864" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10684", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10684" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10685", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10685" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10729", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10729" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14332", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14332" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14365", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14365" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1733", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1733" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1735", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1735" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1739", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1739" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1740", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1740" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1746", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1746" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1753" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20228", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20228" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-gfr2-qpxh-qj9m", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gfr2-qpxh-qj9m" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes-7", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes-7" }, { "reference_url": "https://github.com/ansible/ansible/commit/18f91bbb88a84b1d3614ef41c3550da735592ac1", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/18f91bbb88a84b1d3614ef41c3550da735592ac1" }, { "reference_url": "https://github.com/ansible/ansible/commit/40969ff43812fabf5397f818d9e521f9b39c9c9a", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/40969ff43812fabf5397f818d9e521f9b39c9c9a" }, { "reference_url": "https://github.com/ansible/ansible/commit/de9a4f5474c5f5db442ae7493d6b5da7177e335d", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/de9a4f5474c5f5db442ae7493d6b5da7177e335d" }, { "reference_url": "https://github.com/ansible/ansible/issues/67793", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/issues/67793" }, { "reference_url": "https://github.com/ansible/ansible/pull/69023", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/69023" }, { "reference_url": "https://github.com/ansible/ansible/pull/69024", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/69024" }, { "reference_url": "https://github.com/ansible/ansible/pull/69025", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/69025" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-7.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-7.yaml" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1735", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:P/I:P/A:N" }, { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1735" }, { "reference_url": "https://security.gentoo.org/glsa/202006-11", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202006-11" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4950", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2021/dsa-4950" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802085", "reference_id": "1802085", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802085" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1541", "reference_id": "RHSA-2020:1541", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1541" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1542", "reference_id": "RHSA-2020:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1542" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1543", "reference_id": "RHSA-2020:1543", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1543" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1544", "reference_id": "RHSA-2020:1544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1544" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7570?format=api", "purl": "pkg:pypi/ansible@2.7.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/7571?format=api", "purl": "pkg:pypi/ansible@2.7.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/7572?format=api", "purl": "pkg:pypi/ansible@2.8.0a1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-a49n-tvnt-p3df" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-nukv-kkws-xkb1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-uhg5-zpzt-e3gz" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.0a1" }, { "url": "http://public2.vulnerablecode.io/api/packages/10050?format=api", "purl": "pkg:pypi/ansible@2.8.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/10621?format=api", "purl": "pkg:pypi/ansible@2.8.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/10051?format=api", "purl": "pkg:pypi/ansible@2.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jej-4jyp-cqbt" }, { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-ezux-6buh-h7h7" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-h1n3-cmte-eugf" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-xg2f-12w4-yqge" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/10622?format=api", "purl": "pkg:pypi/ansible@2.9.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-dzdx-wae5-8ydy" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-jrxz-b168-7ug4" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yeea-n94x-qqch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.8" } ], "aliases": [ "CVE-2020-1735", "GHSA-gfr2-qpxh-qj9m", "PYSEC-2020-7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zzzs-scbg-bbe9" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5513?format=api", "vulnerability_id": "VCID-s1r4-29kw-5kbg", "summary": "The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory.", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183103.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183103.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183132.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183132.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183252.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183252.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183274.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183274.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184175.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184175.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3096.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3096.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3096", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.1098", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11012", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11009", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10955", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.1088", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11056", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10995", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10855", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10957", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3096" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1322925", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1322925" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3096", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3096" }, { "reference_url": "https://github.com/advisories/GHSA-rh6x-qvg7-rrmj", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rh6x-qvg7-rrmj" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/blob/v1.9.6-1/CHANGELOG.md#196-dancing-in-the-street---tbd", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/blob/v1.9.6-1/CHANGELOG.md#196-dancing-in-the-street---tbd" }, { "reference_url": "https://github.com/ansible/ansible/blob/v2.0.2.0-1/CHANGELOG.md#202-over-the-hills-and-far-away", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/blob/v2.0.2.0-1/CHANGELOG.md#202-over-the-hills-and-far-away" }, { "reference_url": "https://github.com/ansible/ansible-modules-extras/commit/7c3999a92a1cd856ff9bc8913a93ff1aee8bffc3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible-modules-extras/commit/7c3999a92a1cd856ff9bc8913a93ff1aee8bffc3" }, { "reference_url": "https://github.com/ansible/ansible-modules-extras/pull/1941", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible-modules-extras/pull/1941" }, { "reference_url": "https://github.com/ansible/ansible-modules-extras/pull/1941/commits/8c6fe646ee79f5e55361b885b7efed5bec72d4a4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible-modules-extras/pull/1941/commits/8c6fe646ee79f5e55361b885b7efed5bec72d4a4" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2016-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2016-1.yaml" }, { "reference_url": "https://groups.google.com/forum/#%21topic/ansible-announce/E80HLZilTU0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#%21topic/ansible-announce/E80HLZilTU0" }, { "reference_url": "https://groups.google.com/forum/#%21topic/ansible-announce/tqiZbcWxYig", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#%21topic/ansible-announce/tqiZbcWxYig" }, { "reference_url": "https://groups.google.com/forum/#!topic/ansible-announce/E80HLZilTU0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/ansible-announce/E80HLZilTU0" }, { "reference_url": "https://groups.google.com/forum/#!topic/ansible-announce/tqiZbcWxYig", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/ansible-announce/tqiZbcWxYig" }, { "reference_url": "https://security.gentoo.org/glsa/201607-14", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/201607-14" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819676", "reference_id": "819676", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819676" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible:2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible:2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible:2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible:2.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible:2.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible:2.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3096", "reference_id": "CVE-2016-3096", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:C/I:C/A:C" }, { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3096" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30831?format=api", "purl": "pkg:pypi/ansible@1.9.6.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.9.6.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4286?format=api", "purl": "pkg:pypi/ansible@2.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jh2-znva-2bb6" }, { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fetz-42jf-nqe8" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hfxe-jjf5-nqd1" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jhxm-379u-subt" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-puq1-z5h7-pkdg" }, { "vulnerability": "VCID-q4q1-aueh-sub2" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-rknj-nkgs-wyg2" }, { "vulnerability": "VCID-s1r4-29kw-5kbg" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-wqm7-2ajr-6ue8" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-y91x-2rch-pkar" }, { "vulnerability": "VCID-yc8n-wxb4-1uaz" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zmr4-652z-r3dm" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/4291?format=api", "purl": "pkg:pypi/ansible@2.0.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4yvf-k192-9fca" }, { "vulnerability": "VCID-682j-e2pu-1uee" }, { "vulnerability": "VCID-ae1r-yq1g-rkem" }, { "vulnerability": "VCID-atun-stks-4kcb" }, { "vulnerability": "VCID-axc3-wcsk-q3eg" }, { "vulnerability": "VCID-b8zs-br97-57av" }, { "vulnerability": "VCID-c1xg-s3kx-gkft" }, { "vulnerability": "VCID-d4ka-dk4p-kfhb" }, { "vulnerability": "VCID-d7ez-s7qb-p3ay" }, { "vulnerability": "VCID-drt9-vx5r-akgm" }, { "vulnerability": "VCID-e3z2-ydhb-gqfg" }, { "vulnerability": "VCID-ezaq-tqd3-4yd1" }, { "vulnerability": "VCID-fetz-42jf-nqe8" }, { "vulnerability": "VCID-fj2p-7wkh-1fhq" }, { "vulnerability": "VCID-geaa-6dxx-tbcw" }, { "vulnerability": "VCID-hfxe-jjf5-nqd1" }, { "vulnerability": "VCID-hqar-fca3-cbht" }, { "vulnerability": "VCID-jhxm-379u-subt" }, { "vulnerability": "VCID-jnmu-c8dt-5yb6" }, { "vulnerability": "VCID-js7k-ptm9-2yh1" }, { "vulnerability": "VCID-kb5h-116p-33b4" }, { "vulnerability": "VCID-puq1-z5h7-pkdg" }, { "vulnerability": "VCID-q4q1-aueh-sub2" }, { "vulnerability": "VCID-qbdk-hxhg-wbh4" }, { "vulnerability": "VCID-r6bb-p28b-8fcn" }, { "vulnerability": "VCID-rdwq-93d6-c7b4" }, { "vulnerability": "VCID-rg5d-st3d-nbah" }, { "vulnerability": "VCID-rknj-nkgs-wyg2" }, { "vulnerability": "VCID-t6db-buke-nfhf" }, { "vulnerability": "VCID-tdp4-h4ht-pqhs" }, { "vulnerability": "VCID-ujbp-cc1r-wfe9" }, { "vulnerability": "VCID-v3h9-1t69-v7a3" }, { "vulnerability": "VCID-whyk-3ynn-zyf4" }, { "vulnerability": "VCID-wqm7-2ajr-6ue8" }, { "vulnerability": "VCID-x5e2-7whc-v3fc" }, { "vulnerability": "VCID-x94k-nxyd-27gs" }, { "vulnerability": "VCID-xw8r-fn6y-mbhp" }, { "vulnerability": "VCID-yc8n-wxb4-1uaz" }, { "vulnerability": "VCID-yeea-n94x-qqch" }, { "vulnerability": "VCID-ykxk-6mpc-wkgt" }, { "vulnerability": "VCID-yur3-am6j-w7ay" }, { "vulnerability": "VCID-zmr4-652z-r3dm" }, { "vulnerability": "VCID-zzzs-scbg-bbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.0.2.0" } ], "aliases": [ "CVE-2016-3096", "GHSA-rh6x-qvg7-rrmj", "PYSEC-2016-1" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s1r4-29kw-5kbg" } ], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.0.0" }