| 0 |
| url |
VCID-1d8u-w26v-nqfd |
| vulnerability_id |
VCID-1d8u-w26v-nqfd |
| summary |
Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as. |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:pypi/ansible@2.2.0.0 |
| purl |
pkg:pypi/ansible@2.2.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1sty-hqbq-63hy |
|
| 1 |
| vulnerability |
VCID-2z4k-r21v-rfgx |
|
| 2 |
| vulnerability |
VCID-7qnx-1gp2-v7bb |
|
| 3 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 4 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 5 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 6 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 7 |
| vulnerability |
VCID-cxts-25nq-4fcs |
|
| 8 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 9 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 10 |
| vulnerability |
VCID-gxw4-ydnj-fkfe |
|
| 11 |
| vulnerability |
VCID-hd4w-ksm9-uycv |
|
| 12 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 13 |
| vulnerability |
VCID-hpqa-ysnc-b7dw |
|
| 14 |
| vulnerability |
VCID-hq4d-92s2-vqg6 |
|
| 15 |
| vulnerability |
VCID-k8a2-5yfh-j7gp |
|
| 16 |
| vulnerability |
VCID-mbj9-3bnb-wbda |
|
| 17 |
| vulnerability |
VCID-mj75-gu96-33ay |
|
| 18 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 19 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 20 |
| vulnerability |
VCID-rgcg-pkhf-7ydk |
|
| 21 |
| vulnerability |
VCID-subj-aje2-93bk |
|
| 22 |
| vulnerability |
VCID-utrp-hfpb-tygj |
|
| 23 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 24 |
| vulnerability |
VCID-vsv2-4d8c-m3g1 |
|
| 25 |
| vulnerability |
VCID-x4mr-vrp9-ufg6 |
|
| 26 |
| vulnerability |
VCID-ykkx-swgs-vybn |
|
| 27 |
| vulnerability |
VCID-yre5-mmmj-q3bn |
|
| 28 |
| vulnerability |
VCID-zwrg-9mrq-effd |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.2.0.0 |
|
|
| aliases |
CVE-2016-8628, GHSA-jg4f-jqm5-4mgq, PYSEC-2018-38
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1d8u-w26v-nqfd |
|
| 1 |
| url |
VCID-1sty-hqbq-63hy |
| vulnerability_id |
VCID-1sty-hqbq-63hy |
| summary |
In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/ansible@2.6.20 |
| purl |
pkg:pypi/ansible@2.6.20 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2z4k-r21v-rfgx |
|
| 1 |
| vulnerability |
VCID-7qnx-1gp2-v7bb |
|
| 2 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 3 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 4 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 5 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 6 |
| vulnerability |
VCID-cxts-25nq-4fcs |
|
| 7 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 8 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 9 |
| vulnerability |
VCID-gxw4-ydnj-fkfe |
|
| 10 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 11 |
| vulnerability |
VCID-hq4d-92s2-vqg6 |
|
| 12 |
| vulnerability |
VCID-mbj9-3bnb-wbda |
|
| 13 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 14 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 15 |
| vulnerability |
VCID-subj-aje2-93bk |
|
| 16 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 17 |
| vulnerability |
VCID-vsv2-4d8c-m3g1 |
|
| 18 |
| vulnerability |
VCID-x4mr-vrp9-ufg6 |
|
| 19 |
| vulnerability |
VCID-ykkx-swgs-vybn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.6.20 |
|
| 1 |
| url |
pkg:pypi/ansible@2.7.14 |
| purl |
pkg:pypi/ansible@2.7.14 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2z4k-r21v-rfgx |
|
| 1 |
| vulnerability |
VCID-78m2-3fj5-tbh1 |
|
| 2 |
| vulnerability |
VCID-7ben-361w-tkdr |
|
| 3 |
| vulnerability |
VCID-7qnx-1gp2-v7bb |
|
| 4 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 5 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 6 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 7 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 8 |
| vulnerability |
VCID-cxts-25nq-4fcs |
|
| 9 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 10 |
| vulnerability |
VCID-etb4-2qch-6kgw |
|
| 11 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 12 |
| vulnerability |
VCID-gxw4-ydnj-fkfe |
|
| 13 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 14 |
| vulnerability |
VCID-hpqa-ysnc-b7dw |
|
| 15 |
| vulnerability |
VCID-hq4d-92s2-vqg6 |
|
| 16 |
| vulnerability |
VCID-hs3w-mah1-ckb5 |
|
| 17 |
| vulnerability |
VCID-mbj9-3bnb-wbda |
|
| 18 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 19 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 20 |
| vulnerability |
VCID-qztj-r7zc-jue3 |
|
| 21 |
| vulnerability |
VCID-subj-aje2-93bk |
|
| 22 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 23 |
| vulnerability |
VCID-vsv2-4d8c-m3g1 |
|
| 24 |
| vulnerability |
VCID-w2n8-uxbb-k7f9 |
|
| 25 |
| vulnerability |
VCID-x4mr-vrp9-ufg6 |
|
| 26 |
| vulnerability |
VCID-ykkx-swgs-vybn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.14 |
|
| 2 |
| url |
pkg:pypi/ansible@2.8.6 |
| purl |
pkg:pypi/ansible@2.8.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2z4k-r21v-rfgx |
|
| 1 |
| vulnerability |
VCID-5t77-f231-6ffg |
|
| 2 |
| vulnerability |
VCID-78m2-3fj5-tbh1 |
|
| 3 |
| vulnerability |
VCID-7ben-361w-tkdr |
|
| 4 |
| vulnerability |
VCID-7qnx-1gp2-v7bb |
|
| 5 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 6 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 7 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 8 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 9 |
| vulnerability |
VCID-cxts-25nq-4fcs |
|
| 10 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 11 |
| vulnerability |
VCID-ec6s-8f24-9bh7 |
|
| 12 |
| vulnerability |
VCID-etb4-2qch-6kgw |
|
| 13 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 14 |
| vulnerability |
VCID-gxw4-ydnj-fkfe |
|
| 15 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 16 |
| vulnerability |
VCID-hq4d-92s2-vqg6 |
|
| 17 |
| vulnerability |
VCID-hs3w-mah1-ckb5 |
|
| 18 |
| vulnerability |
VCID-mbj9-3bnb-wbda |
|
| 19 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 20 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 21 |
| vulnerability |
VCID-qztj-r7zc-jue3 |
|
| 22 |
| vulnerability |
VCID-subj-aje2-93bk |
|
| 23 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 24 |
| vulnerability |
VCID-vsv2-4d8c-m3g1 |
|
| 25 |
| vulnerability |
VCID-w2n8-uxbb-k7f9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.6 |
|
|
| aliases |
CVE-2019-14846, PYSEC-2019-4
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1sty-hqbq-63hy |
|
| 2 |
| url |
VCID-2tq8-8hu5-juc2 |
| vulnerability_id |
VCID-2tq8-8hu5-juc2 |
| summary |
The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/ansible@1.9.2 |
| purl |
pkg:pypi/ansible@1.9.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1d8u-w26v-nqfd |
|
| 1 |
| vulnerability |
VCID-1sty-hqbq-63hy |
|
| 2 |
| vulnerability |
VCID-2z4k-r21v-rfgx |
|
| 3 |
| vulnerability |
VCID-7qnx-1gp2-v7bb |
|
| 4 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 5 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 6 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 7 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 8 |
| vulnerability |
VCID-cxts-25nq-4fcs |
|
| 9 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 10 |
| vulnerability |
VCID-g8tj-eaqr-myaa |
|
| 11 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 12 |
| vulnerability |
VCID-gxw4-ydnj-fkfe |
|
| 13 |
| vulnerability |
VCID-hd4w-ksm9-uycv |
|
| 14 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 15 |
| vulnerability |
VCID-hpqa-ysnc-b7dw |
|
| 16 |
| vulnerability |
VCID-hq4d-92s2-vqg6 |
|
| 17 |
| vulnerability |
VCID-j6qc-x7e6-buen |
|
| 18 |
| vulnerability |
VCID-k8a2-5yfh-j7gp |
|
| 19 |
| vulnerability |
VCID-mbj9-3bnb-wbda |
|
| 20 |
| vulnerability |
VCID-mj75-gu96-33ay |
|
| 21 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 22 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 23 |
| vulnerability |
VCID-rgcg-pkhf-7ydk |
|
| 24 |
| vulnerability |
VCID-subj-aje2-93bk |
|
| 25 |
| vulnerability |
VCID-utrp-hfpb-tygj |
|
| 26 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 27 |
| vulnerability |
VCID-vsv2-4d8c-m3g1 |
|
| 28 |
| vulnerability |
VCID-x4mr-vrp9-ufg6 |
|
| 29 |
| vulnerability |
VCID-yre5-mmmj-q3bn |
|
| 30 |
| vulnerability |
VCID-zwrg-9mrq-effd |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.9.2 |
|
|
| aliases |
CVE-2015-6240, PYSEC-2017-3
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2tq8-8hu5-juc2 |
|
| 3 |
| url |
VCID-2z4k-r21v-rfgx |
| vulnerability_id |
VCID-2z4k-r21v-rfgx |
| summary |
A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This could lead to the disclosure of sensitive data. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/ansible@2.7.17 |
| purl |
pkg:pypi/ansible@2.7.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 1 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 2 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 3 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 4 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 5 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 6 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 7 |
| vulnerability |
VCID-hpqa-ysnc-b7dw |
|
| 8 |
| vulnerability |
VCID-hs3w-mah1-ckb5 |
|
| 9 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 10 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 11 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 12 |
| vulnerability |
VCID-ykkx-swgs-vybn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17 |
|
| 1 |
| url |
pkg:pypi/ansible@2.8.9 |
| purl |
pkg:pypi/ansible@2.8.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-5t77-f231-6ffg |
|
| 1 |
| vulnerability |
VCID-78m2-3fj5-tbh1 |
|
| 2 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 3 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 4 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 5 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 6 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 7 |
| vulnerability |
VCID-ec6s-8f24-9bh7 |
|
| 8 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 9 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 10 |
| vulnerability |
VCID-hs3w-mah1-ckb5 |
|
| 11 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 12 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 13 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 14 |
| vulnerability |
VCID-w2n8-uxbb-k7f9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9 |
|
| 2 |
| url |
pkg:pypi/ansible@2.9.6 |
| purl |
pkg:pypi/ansible@2.9.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-5t77-f231-6ffg |
|
| 1 |
| vulnerability |
VCID-78m2-3fj5-tbh1 |
|
| 2 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 3 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 4 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 5 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 6 |
| vulnerability |
VCID-ec6s-8f24-9bh7 |
|
| 7 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 8 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 9 |
| vulnerability |
VCID-hs3w-mah1-ckb5 |
|
| 10 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 11 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 12 |
| vulnerability |
VCID-ptg6-bwz8-pud8 |
|
| 13 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 14 |
| vulnerability |
VCID-w2n8-uxbb-k7f9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6 |
|
|
| aliases |
CVE-2020-1736, GHSA-x7jh-595q-wq82, PYSEC-2020-8
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2z4k-r21v-rfgx |
|
| 4 |
| url |
VCID-7qnx-1gp2-v7bb |
| vulnerability_id |
VCID-7qnx-1gp2-v7bb |
| summary |
A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/ansible@2.7.17 |
| purl |
pkg:pypi/ansible@2.7.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 1 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 2 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 3 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 4 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 5 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 6 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 7 |
| vulnerability |
VCID-hpqa-ysnc-b7dw |
|
| 8 |
| vulnerability |
VCID-hs3w-mah1-ckb5 |
|
| 9 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 10 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 11 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 12 |
| vulnerability |
VCID-ykkx-swgs-vybn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17 |
|
| 1 |
| url |
pkg:pypi/ansible@2.8.9 |
| purl |
pkg:pypi/ansible@2.8.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-5t77-f231-6ffg |
|
| 1 |
| vulnerability |
VCID-78m2-3fj5-tbh1 |
|
| 2 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 3 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 4 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 5 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 6 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 7 |
| vulnerability |
VCID-ec6s-8f24-9bh7 |
|
| 8 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 9 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 10 |
| vulnerability |
VCID-hs3w-mah1-ckb5 |
|
| 11 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 12 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 13 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 14 |
| vulnerability |
VCID-w2n8-uxbb-k7f9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9 |
|
| 2 |
| url |
pkg:pypi/ansible@2.9.6 |
| purl |
pkg:pypi/ansible@2.9.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-5t77-f231-6ffg |
|
| 1 |
| vulnerability |
VCID-78m2-3fj5-tbh1 |
|
| 2 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 3 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 4 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 5 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 6 |
| vulnerability |
VCID-ec6s-8f24-9bh7 |
|
| 7 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 8 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 9 |
| vulnerability |
VCID-hs3w-mah1-ckb5 |
|
| 10 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 11 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 12 |
| vulnerability |
VCID-ptg6-bwz8-pud8 |
|
| 13 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 14 |
| vulnerability |
VCID-w2n8-uxbb-k7f9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6 |
|
|
| aliases |
CVE-2020-1735, GHSA-gfr2-qpxh-qj9m, PYSEC-2020-7
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7qnx-1gp2-v7bb |
|
| 5 |
| url |
VCID-7skd-9hpb-dbhj |
| vulnerability_id |
VCID-7skd-9hpb-dbhj |
| summary |
The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary commands. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/ansible@1.6.6 |
| purl |
pkg:pypi/ansible@1.6.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1d8u-w26v-nqfd |
|
| 1 |
| vulnerability |
VCID-1sty-hqbq-63hy |
|
| 2 |
| vulnerability |
VCID-2tq8-8hu5-juc2 |
|
| 3 |
| vulnerability |
VCID-2z4k-r21v-rfgx |
|
| 4 |
| vulnerability |
VCID-7qnx-1gp2-v7bb |
|
| 5 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 6 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 7 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 8 |
| vulnerability |
VCID-bg46-sd2p-h7ez |
|
| 9 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 10 |
| vulnerability |
VCID-cxts-25nq-4fcs |
|
| 11 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 12 |
| vulnerability |
VCID-g8tj-eaqr-myaa |
|
| 13 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 14 |
| vulnerability |
VCID-gxw4-ydnj-fkfe |
|
| 15 |
| vulnerability |
VCID-hd4w-ksm9-uycv |
|
| 16 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 17 |
| vulnerability |
VCID-hpqa-ysnc-b7dw |
|
| 18 |
| vulnerability |
VCID-hq4d-92s2-vqg6 |
|
| 19 |
| vulnerability |
VCID-j6qc-x7e6-buen |
|
| 20 |
| vulnerability |
VCID-k8a2-5yfh-j7gp |
|
| 21 |
| vulnerability |
VCID-mbj9-3bnb-wbda |
|
| 22 |
| vulnerability |
VCID-mj75-gu96-33ay |
|
| 23 |
| vulnerability |
VCID-nb5v-58wt-87gz |
|
| 24 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 25 |
| vulnerability |
VCID-p7d3-epbn-b7bp |
|
| 26 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 27 |
| vulnerability |
VCID-rgcg-pkhf-7ydk |
|
| 28 |
| vulnerability |
VCID-subj-aje2-93bk |
|
| 29 |
| vulnerability |
VCID-utrp-hfpb-tygj |
|
| 30 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 31 |
| vulnerability |
VCID-vsv2-4d8c-m3g1 |
|
| 32 |
| vulnerability |
VCID-x4mr-vrp9-ufg6 |
|
| 33 |
| vulnerability |
VCID-yre5-mmmj-q3bn |
|
| 34 |
| vulnerability |
VCID-zwrg-9mrq-effd |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.6.6 |
|
|
| aliases |
CVE-2014-3498, GHSA-4cvm-5776-jx9f, PYSEC-2017-2
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7skd-9hpb-dbhj |
|
| 6 |
| url |
VCID-833d-up6b-rfe1 |
| vulnerability_id |
VCID-833d-up6b-rfe1 |
| summary |
A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords are exposed at once for the file. This flaw affects Ansible Engine versions before 2.9.6. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/ansible@2.9.6 |
| purl |
pkg:pypi/ansible@2.9.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-5t77-f231-6ffg |
|
| 1 |
| vulnerability |
VCID-78m2-3fj5-tbh1 |
|
| 2 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 3 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 4 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 5 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 6 |
| vulnerability |
VCID-ec6s-8f24-9bh7 |
|
| 7 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 8 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 9 |
| vulnerability |
VCID-hs3w-mah1-ckb5 |
|
| 10 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 11 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 12 |
| vulnerability |
VCID-ptg6-bwz8-pud8 |
|
| 13 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 14 |
| vulnerability |
VCID-w2n8-uxbb-k7f9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6 |
|
|
| aliases |
CVE-2020-10729, GHSA-r6h7-5pq2-j77h, PYSEC-2021-105
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-833d-up6b-rfe1 |
|
| 7 |
| url |
VCID-8u2v-jtqe-dqg3 |
| vulnerability_id |
VCID-8u2v-jtqe-dqg3 |
| summary |
A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2021-20228, GHSA-5rrg-rr89-x9mv, PYSEC-2021-1
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8u2v-jtqe-dqg3 |
|
| 8 |
| url |
VCID-am9g-ba4h-sfhr |
| vulnerability_id |
VCID-am9g-ba4h-sfhr |
| summary |
A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. This issue affects directly data confidentiality. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2020-25635, GHSA-f556-49jc-4rvc, PYSEC-2020-220
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-am9g-ba4h-sfhr |
|
| 9 |
| url |
VCID-bg46-sd2p-h7ez |
| vulnerability_id |
VCID-bg46-sd2p-h7ez |
| summary |
Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/ansible@1.9.2 |
| purl |
pkg:pypi/ansible@1.9.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1d8u-w26v-nqfd |
|
| 1 |
| vulnerability |
VCID-1sty-hqbq-63hy |
|
| 2 |
| vulnerability |
VCID-2z4k-r21v-rfgx |
|
| 3 |
| vulnerability |
VCID-7qnx-1gp2-v7bb |
|
| 4 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 5 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 6 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 7 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 8 |
| vulnerability |
VCID-cxts-25nq-4fcs |
|
| 9 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 10 |
| vulnerability |
VCID-g8tj-eaqr-myaa |
|
| 11 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 12 |
| vulnerability |
VCID-gxw4-ydnj-fkfe |
|
| 13 |
| vulnerability |
VCID-hd4w-ksm9-uycv |
|
| 14 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 15 |
| vulnerability |
VCID-hpqa-ysnc-b7dw |
|
| 16 |
| vulnerability |
VCID-hq4d-92s2-vqg6 |
|
| 17 |
| vulnerability |
VCID-j6qc-x7e6-buen |
|
| 18 |
| vulnerability |
VCID-k8a2-5yfh-j7gp |
|
| 19 |
| vulnerability |
VCID-mbj9-3bnb-wbda |
|
| 20 |
| vulnerability |
VCID-mj75-gu96-33ay |
|
| 21 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 22 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 23 |
| vulnerability |
VCID-rgcg-pkhf-7ydk |
|
| 24 |
| vulnerability |
VCID-subj-aje2-93bk |
|
| 25 |
| vulnerability |
VCID-utrp-hfpb-tygj |
|
| 26 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 27 |
| vulnerability |
VCID-vsv2-4d8c-m3g1 |
|
| 28 |
| vulnerability |
VCID-x4mr-vrp9-ufg6 |
|
| 29 |
| vulnerability |
VCID-yre5-mmmj-q3bn |
|
| 30 |
| vulnerability |
VCID-zwrg-9mrq-effd |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.9.2 |
|
|
| aliases |
CVE-2015-3908, GHSA-w64c-pxjj-h866, PYSEC-2015-1
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bg46-sd2p-h7ez |
|
| 10 |
| url |
VCID-cuq1-se5h-vygd |
| vulnerability_id |
VCID-cuq1-se5h-vygd |
| summary |
A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. Sensitive parameters such as passwords and tokens are passed to kubectl from the command line, not using an environment variable or an input configuration file. This will disclose passwords and tokens from process list and no_log directive from debug module would not have any effect making these secrets being disclosed on stdout and log files. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/ansible@2.7.18 |
| purl |
pkg:pypi/ansible@2.7.18 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 1 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 2 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 3 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 4 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 5 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 6 |
| vulnerability |
VCID-hpqa-ysnc-b7dw |
|
| 7 |
| vulnerability |
VCID-hs3w-mah1-ckb5 |
|
| 8 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 9 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 10 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 11 |
| vulnerability |
VCID-ykkx-swgs-vybn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.18 |
|
| 1 |
| url |
pkg:pypi/ansible@2.8.11 |
| purl |
pkg:pypi/ansible@2.8.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-5t77-f231-6ffg |
|
| 1 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 2 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 3 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 4 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 5 |
| vulnerability |
VCID-ec6s-8f24-9bh7 |
|
| 6 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 7 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 8 |
| vulnerability |
VCID-hs3w-mah1-ckb5 |
|
| 9 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 10 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 11 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.11 |
|
| 2 |
| url |
pkg:pypi/ansible@2.9.7 |
| purl |
pkg:pypi/ansible@2.9.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-5t77-f231-6ffg |
|
| 1 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 2 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 3 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 4 |
| vulnerability |
VCID-ec6s-8f24-9bh7 |
|
| 5 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 6 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 7 |
| vulnerability |
VCID-hs3w-mah1-ckb5 |
|
| 8 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 9 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 10 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.7 |
|
|
| aliases |
CVE-2020-1753, GHSA-86hp-cj9j-33vv, PYSEC-2020-210
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cuq1-se5h-vygd |
|
| 11 |
| url |
VCID-cxts-25nq-4fcs |
| vulnerability_id |
VCID-cxts-25nq-4fcs |
| summary |
A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/ansible@2.7.17 |
| purl |
pkg:pypi/ansible@2.7.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 1 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 2 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 3 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 4 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 5 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 6 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 7 |
| vulnerability |
VCID-hpqa-ysnc-b7dw |
|
| 8 |
| vulnerability |
VCID-hs3w-mah1-ckb5 |
|
| 9 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 10 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 11 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 12 |
| vulnerability |
VCID-ykkx-swgs-vybn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17 |
|
| 1 |
| url |
pkg:pypi/ansible@2.8.9 |
| purl |
pkg:pypi/ansible@2.8.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-5t77-f231-6ffg |
|
| 1 |
| vulnerability |
VCID-78m2-3fj5-tbh1 |
|
| 2 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 3 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 4 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 5 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 6 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 7 |
| vulnerability |
VCID-ec6s-8f24-9bh7 |
|
| 8 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 9 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 10 |
| vulnerability |
VCID-hs3w-mah1-ckb5 |
|
| 11 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 12 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 13 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 14 |
| vulnerability |
VCID-w2n8-uxbb-k7f9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9 |
|
| 2 |
| url |
pkg:pypi/ansible@2.9.6 |
| purl |
pkg:pypi/ansible@2.9.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-5t77-f231-6ffg |
|
| 1 |
| vulnerability |
VCID-78m2-3fj5-tbh1 |
|
| 2 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 3 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 4 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 5 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 6 |
| vulnerability |
VCID-ec6s-8f24-9bh7 |
|
| 7 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 8 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 9 |
| vulnerability |
VCID-hs3w-mah1-ckb5 |
|
| 10 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 11 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 12 |
| vulnerability |
VCID-ptg6-bwz8-pud8 |
|
| 13 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 14 |
| vulnerability |
VCID-w2n8-uxbb-k7f9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6 |
|
|
| aliases |
CVE-2020-1740, GHSA-vcg8-98q8-g7mj, PYSEC-2020-12
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cxts-25nq-4fcs |
|
| 12 |
|
| 13 |
| url |
VCID-g8tj-eaqr-myaa |
| vulnerability_id |
VCID-g8tj-eaqr-myaa |
| summary |
The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:pypi/ansible@2.0.2.0 |
| purl |
pkg:pypi/ansible@2.0.2.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1d8u-w26v-nqfd |
|
| 1 |
| vulnerability |
VCID-1sty-hqbq-63hy |
|
| 2 |
| vulnerability |
VCID-2z4k-r21v-rfgx |
|
| 3 |
| vulnerability |
VCID-7qnx-1gp2-v7bb |
|
| 4 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 5 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 6 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 7 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 8 |
| vulnerability |
VCID-cxts-25nq-4fcs |
|
| 9 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 10 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 11 |
| vulnerability |
VCID-gxw4-ydnj-fkfe |
|
| 12 |
| vulnerability |
VCID-hd4w-ksm9-uycv |
|
| 13 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 14 |
| vulnerability |
VCID-hpqa-ysnc-b7dw |
|
| 15 |
| vulnerability |
VCID-hq4d-92s2-vqg6 |
|
| 16 |
| vulnerability |
VCID-j6qc-x7e6-buen |
|
| 17 |
| vulnerability |
VCID-k8a2-5yfh-j7gp |
|
| 18 |
| vulnerability |
VCID-mbj9-3bnb-wbda |
|
| 19 |
| vulnerability |
VCID-mj75-gu96-33ay |
|
| 20 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 21 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 22 |
| vulnerability |
VCID-rgcg-pkhf-7ydk |
|
| 23 |
| vulnerability |
VCID-subj-aje2-93bk |
|
| 24 |
| vulnerability |
VCID-utrp-hfpb-tygj |
|
| 25 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 26 |
| vulnerability |
VCID-vsv2-4d8c-m3g1 |
|
| 27 |
| vulnerability |
VCID-x4mr-vrp9-ufg6 |
|
| 28 |
| vulnerability |
VCID-ykkx-swgs-vybn |
|
| 29 |
| vulnerability |
VCID-yre5-mmmj-q3bn |
|
| 30 |
| vulnerability |
VCID-zwrg-9mrq-effd |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.0.2.0 |
|
|
| aliases |
CVE-2016-3096, GHSA-rh6x-qvg7-rrmj, PYSEC-2016-1
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-g8tj-eaqr-myaa |
|
| 14 |
|
| 15 |
| url |
VCID-gxw4-ydnj-fkfe |
| vulnerability_id |
VCID-gxw4-ydnj-fkfe |
| summary |
A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/ansible@2.7.17 |
| purl |
pkg:pypi/ansible@2.7.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 1 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 2 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 3 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 4 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 5 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 6 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 7 |
| vulnerability |
VCID-hpqa-ysnc-b7dw |
|
| 8 |
| vulnerability |
VCID-hs3w-mah1-ckb5 |
|
| 9 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 10 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 11 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 12 |
| vulnerability |
VCID-ykkx-swgs-vybn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17 |
|
| 1 |
| url |
pkg:pypi/ansible@2.8.9 |
| purl |
pkg:pypi/ansible@2.8.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-5t77-f231-6ffg |
|
| 1 |
| vulnerability |
VCID-78m2-3fj5-tbh1 |
|
| 2 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 3 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 4 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 5 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 6 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 7 |
| vulnerability |
VCID-ec6s-8f24-9bh7 |
|
| 8 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 9 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 10 |
| vulnerability |
VCID-hs3w-mah1-ckb5 |
|
| 11 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 12 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 13 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 14 |
| vulnerability |
VCID-w2n8-uxbb-k7f9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9 |
|
| 2 |
| url |
pkg:pypi/ansible@2.9.6 |
| purl |
pkg:pypi/ansible@2.9.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-5t77-f231-6ffg |
|
| 1 |
| vulnerability |
VCID-78m2-3fj5-tbh1 |
|
| 2 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 3 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 4 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 5 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 6 |
| vulnerability |
VCID-ec6s-8f24-9bh7 |
|
| 7 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 8 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 9 |
| vulnerability |
VCID-hs3w-mah1-ckb5 |
|
| 10 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 11 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 12 |
| vulnerability |
VCID-ptg6-bwz8-pud8 |
|
| 13 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 14 |
| vulnerability |
VCID-w2n8-uxbb-k7f9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6 |
|
|
| aliases |
CVE-2020-1739, GHSA-923p-fr2c-g5m2, PYSEC-2020-11
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gxw4-ydnj-fkfe |
|
| 16 |
| url |
VCID-hd4w-ksm9-uycv |
| vulnerability_id |
VCID-hd4w-ksm9-uycv |
| summary |
Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/ansible@2.3.0.0 |
| purl |
pkg:pypi/ansible@2.3.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1sty-hqbq-63hy |
|
| 1 |
| vulnerability |
VCID-2z4k-r21v-rfgx |
|
| 2 |
| vulnerability |
VCID-7qnx-1gp2-v7bb |
|
| 3 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 4 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 5 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 6 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 7 |
| vulnerability |
VCID-cxts-25nq-4fcs |
|
| 8 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 9 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 10 |
| vulnerability |
VCID-gxw4-ydnj-fkfe |
|
| 11 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 12 |
| vulnerability |
VCID-hpqa-ysnc-b7dw |
|
| 13 |
| vulnerability |
VCID-hq4d-92s2-vqg6 |
|
| 14 |
| vulnerability |
VCID-k8a2-5yfh-j7gp |
|
| 15 |
| vulnerability |
VCID-mbj9-3bnb-wbda |
|
| 16 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 17 |
| vulnerability |
VCID-pm6p-9arz-7ygs |
|
| 18 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 19 |
| vulnerability |
VCID-subj-aje2-93bk |
|
| 20 |
| vulnerability |
VCID-utrp-hfpb-tygj |
|
| 21 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 22 |
| vulnerability |
VCID-vsv2-4d8c-m3g1 |
|
| 23 |
| vulnerability |
VCID-x4mr-vrp9-ufg6 |
|
| 24 |
| vulnerability |
VCID-ykkx-swgs-vybn |
|
| 25 |
| vulnerability |
VCID-yre5-mmmj-q3bn |
|
| 26 |
| vulnerability |
VCID-zwrg-9mrq-effd |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.3.0.0 |
|
|
| aliases |
CVE-2017-7466, PYSEC-2018-40
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hd4w-ksm9-uycv |
|
| 17 |
|
| 18 |
| url |
VCID-hpqa-ysnc-b7dw |
| vulnerability_id |
VCID-hpqa-ysnc-b7dw |
| summary |
Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the plaintext password. Ansible Engine 2.8 and older are believed to be vulnerable. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/ansible@2.5.12 |
| purl |
pkg:pypi/ansible@2.5.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1sty-hqbq-63hy |
|
| 1 |
| vulnerability |
VCID-2z4k-r21v-rfgx |
|
| 2 |
| vulnerability |
VCID-5p9q-7q6e-vkg8 |
|
| 3 |
| vulnerability |
VCID-7qnx-1gp2-v7bb |
|
| 4 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 5 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 6 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 7 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 8 |
| vulnerability |
VCID-cxts-25nq-4fcs |
|
| 9 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 10 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 11 |
| vulnerability |
VCID-gxw4-ydnj-fkfe |
|
| 12 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 13 |
| vulnerability |
VCID-hpqa-ysnc-b7dw |
|
| 14 |
| vulnerability |
VCID-hq4d-92s2-vqg6 |
|
| 15 |
| vulnerability |
VCID-k8a2-5yfh-j7gp |
|
| 16 |
| vulnerability |
VCID-mbj9-3bnb-wbda |
|
| 17 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 18 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 19 |
| vulnerability |
VCID-subj-aje2-93bk |
|
| 20 |
| vulnerability |
VCID-v5kk-umvk-6fgg |
|
| 21 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 22 |
| vulnerability |
VCID-vsv2-4d8c-m3g1 |
|
| 23 |
| vulnerability |
VCID-x4mr-vrp9-ufg6 |
|
| 24 |
| vulnerability |
VCID-ykkx-swgs-vybn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.5.12 |
|
| 1 |
| url |
pkg:pypi/ansible@2.5.13 |
| purl |
pkg:pypi/ansible@2.5.13 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1sty-hqbq-63hy |
|
| 1 |
| vulnerability |
VCID-2z4k-r21v-rfgx |
|
| 2 |
| vulnerability |
VCID-5p9q-7q6e-vkg8 |
|
| 3 |
| vulnerability |
VCID-7qnx-1gp2-v7bb |
|
| 4 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 5 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 6 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 7 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 8 |
| vulnerability |
VCID-cxts-25nq-4fcs |
|
| 9 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 10 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 11 |
| vulnerability |
VCID-gxw4-ydnj-fkfe |
|
| 12 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 13 |
| vulnerability |
VCID-hq4d-92s2-vqg6 |
|
| 14 |
| vulnerability |
VCID-k8a2-5yfh-j7gp |
|
| 15 |
| vulnerability |
VCID-mbj9-3bnb-wbda |
|
| 16 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 17 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 18 |
| vulnerability |
VCID-subj-aje2-93bk |
|
| 19 |
| vulnerability |
VCID-v5kk-umvk-6fgg |
|
| 20 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 21 |
| vulnerability |
VCID-vsv2-4d8c-m3g1 |
|
| 22 |
| vulnerability |
VCID-x4mr-vrp9-ufg6 |
|
| 23 |
| vulnerability |
VCID-ykkx-swgs-vybn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.5.13 |
|
| 2 |
| url |
pkg:pypi/ansible@2.6.9 |
| purl |
pkg:pypi/ansible@2.6.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1sty-hqbq-63hy |
|
| 1 |
| vulnerability |
VCID-2z4k-r21v-rfgx |
|
| 2 |
| vulnerability |
VCID-5p9q-7q6e-vkg8 |
|
| 3 |
| vulnerability |
VCID-7qnx-1gp2-v7bb |
|
| 4 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 5 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 6 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 7 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 8 |
| vulnerability |
VCID-cxts-25nq-4fcs |
|
| 9 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 10 |
| vulnerability |
VCID-frk2-9jfm-cybm |
|
| 11 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 12 |
| vulnerability |
VCID-gxw4-ydnj-fkfe |
|
| 13 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 14 |
| vulnerability |
VCID-hpqa-ysnc-b7dw |
|
| 15 |
| vulnerability |
VCID-hq4d-92s2-vqg6 |
|
| 16 |
| vulnerability |
VCID-k8a2-5yfh-j7gp |
|
| 17 |
| vulnerability |
VCID-mbj9-3bnb-wbda |
|
| 18 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 19 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 20 |
| vulnerability |
VCID-subj-aje2-93bk |
|
| 21 |
| vulnerability |
VCID-v5kk-umvk-6fgg |
|
| 22 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 23 |
| vulnerability |
VCID-vsv2-4d8c-m3g1 |
|
| 24 |
| vulnerability |
VCID-vxkb-9p6a-5yan |
|
| 25 |
| vulnerability |
VCID-x4mr-vrp9-ufg6 |
|
| 26 |
| vulnerability |
VCID-ykkx-swgs-vybn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.6.9 |
|
| 3 |
| url |
pkg:pypi/ansible@2.6.10 |
| purl |
pkg:pypi/ansible@2.6.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1sty-hqbq-63hy |
|
| 1 |
| vulnerability |
VCID-2z4k-r21v-rfgx |
|
| 2 |
| vulnerability |
VCID-5p9q-7q6e-vkg8 |
|
| 3 |
| vulnerability |
VCID-7qnx-1gp2-v7bb |
|
| 4 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 5 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 6 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 7 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 8 |
| vulnerability |
VCID-cxts-25nq-4fcs |
|
| 9 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 10 |
| vulnerability |
VCID-frk2-9jfm-cybm |
|
| 11 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 12 |
| vulnerability |
VCID-gxw4-ydnj-fkfe |
|
| 13 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 14 |
| vulnerability |
VCID-hq4d-92s2-vqg6 |
|
| 15 |
| vulnerability |
VCID-k8a2-5yfh-j7gp |
|
| 16 |
| vulnerability |
VCID-mbj9-3bnb-wbda |
|
| 17 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 18 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 19 |
| vulnerability |
VCID-subj-aje2-93bk |
|
| 20 |
| vulnerability |
VCID-v5kk-umvk-6fgg |
|
| 21 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 22 |
| vulnerability |
VCID-vsv2-4d8c-m3g1 |
|
| 23 |
| vulnerability |
VCID-vxkb-9p6a-5yan |
|
| 24 |
| vulnerability |
VCID-x4mr-vrp9-ufg6 |
|
| 25 |
| vulnerability |
VCID-ykkx-swgs-vybn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.6.10 |
|
| 4 |
| url |
pkg:pypi/ansible@2.7.3 |
| purl |
pkg:pypi/ansible@2.7.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1sty-hqbq-63hy |
|
| 1 |
| vulnerability |
VCID-2z4k-r21v-rfgx |
|
| 2 |
| vulnerability |
VCID-5p9q-7q6e-vkg8 |
|
| 3 |
| vulnerability |
VCID-78m2-3fj5-tbh1 |
|
| 4 |
| vulnerability |
VCID-7ben-361w-tkdr |
|
| 5 |
| vulnerability |
VCID-7qnx-1gp2-v7bb |
|
| 6 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 7 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 8 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 9 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 10 |
| vulnerability |
VCID-cxts-25nq-4fcs |
|
| 11 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 12 |
| vulnerability |
VCID-etb4-2qch-6kgw |
|
| 13 |
| vulnerability |
VCID-frk2-9jfm-cybm |
|
| 14 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 15 |
| vulnerability |
VCID-gxw4-ydnj-fkfe |
|
| 16 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 17 |
| vulnerability |
VCID-hpqa-ysnc-b7dw |
|
| 18 |
| vulnerability |
VCID-hq4d-92s2-vqg6 |
|
| 19 |
| vulnerability |
VCID-hs3w-mah1-ckb5 |
|
| 20 |
| vulnerability |
VCID-k8a2-5yfh-j7gp |
|
| 21 |
| vulnerability |
VCID-mbj9-3bnb-wbda |
|
| 22 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 23 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 24 |
| vulnerability |
VCID-qztj-r7zc-jue3 |
|
| 25 |
| vulnerability |
VCID-subj-aje2-93bk |
|
| 26 |
| vulnerability |
VCID-v5kk-umvk-6fgg |
|
| 27 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 28 |
| vulnerability |
VCID-vsv2-4d8c-m3g1 |
|
| 29 |
| vulnerability |
VCID-vxkb-9p6a-5yan |
|
| 30 |
| vulnerability |
VCID-w2n8-uxbb-k7f9 |
|
| 31 |
| vulnerability |
VCID-x4mr-vrp9-ufg6 |
|
| 32 |
| vulnerability |
VCID-ykkx-swgs-vybn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.3 |
|
| 5 |
| url |
pkg:pypi/ansible@2.7.4 |
| purl |
pkg:pypi/ansible@2.7.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1sty-hqbq-63hy |
|
| 1 |
| vulnerability |
VCID-2z4k-r21v-rfgx |
|
| 2 |
| vulnerability |
VCID-5p9q-7q6e-vkg8 |
|
| 3 |
| vulnerability |
VCID-78m2-3fj5-tbh1 |
|
| 4 |
| vulnerability |
VCID-7ben-361w-tkdr |
|
| 5 |
| vulnerability |
VCID-7qnx-1gp2-v7bb |
|
| 6 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 7 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 8 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 9 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 10 |
| vulnerability |
VCID-cxts-25nq-4fcs |
|
| 11 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 12 |
| vulnerability |
VCID-etb4-2qch-6kgw |
|
| 13 |
| vulnerability |
VCID-frk2-9jfm-cybm |
|
| 14 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 15 |
| vulnerability |
VCID-gxw4-ydnj-fkfe |
|
| 16 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 17 |
| vulnerability |
VCID-hq4d-92s2-vqg6 |
|
| 18 |
| vulnerability |
VCID-hs3w-mah1-ckb5 |
|
| 19 |
| vulnerability |
VCID-k8a2-5yfh-j7gp |
|
| 20 |
| vulnerability |
VCID-mbj9-3bnb-wbda |
|
| 21 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 22 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 23 |
| vulnerability |
VCID-qztj-r7zc-jue3 |
|
| 24 |
| vulnerability |
VCID-subj-aje2-93bk |
|
| 25 |
| vulnerability |
VCID-v5kk-umvk-6fgg |
|
| 26 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 27 |
| vulnerability |
VCID-vsv2-4d8c-m3g1 |
|
| 28 |
| vulnerability |
VCID-vxkb-9p6a-5yan |
|
| 29 |
| vulnerability |
VCID-w2n8-uxbb-k7f9 |
|
| 30 |
| vulnerability |
VCID-x4mr-vrp9-ufg6 |
|
| 31 |
| vulnerability |
VCID-ykkx-swgs-vybn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.4 |
|
| 6 |
| url |
pkg:pypi/ansible@2.8.1 |
| purl |
pkg:pypi/ansible@2.8.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1sty-hqbq-63hy |
|
| 1 |
| vulnerability |
VCID-2z4k-r21v-rfgx |
|
| 2 |
| vulnerability |
VCID-5t77-f231-6ffg |
|
| 3 |
| vulnerability |
VCID-78m2-3fj5-tbh1 |
|
| 4 |
| vulnerability |
VCID-7ben-361w-tkdr |
|
| 5 |
| vulnerability |
VCID-7qnx-1gp2-v7bb |
|
| 6 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 7 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 8 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 9 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 10 |
| vulnerability |
VCID-cxts-25nq-4fcs |
|
| 11 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 12 |
| vulnerability |
VCID-ec6s-8f24-9bh7 |
|
| 13 |
| vulnerability |
VCID-etb4-2qch-6kgw |
|
| 14 |
| vulnerability |
VCID-frk2-9jfm-cybm |
|
| 15 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 16 |
| vulnerability |
VCID-gxw4-ydnj-fkfe |
|
| 17 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 18 |
| vulnerability |
VCID-hq4d-92s2-vqg6 |
|
| 19 |
| vulnerability |
VCID-hs3w-mah1-ckb5 |
|
| 20 |
| vulnerability |
VCID-k8a2-5yfh-j7gp |
|
| 21 |
| vulnerability |
VCID-mbj9-3bnb-wbda |
|
| 22 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 23 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 24 |
| vulnerability |
VCID-qztj-r7zc-jue3 |
|
| 25 |
| vulnerability |
VCID-subj-aje2-93bk |
|
| 26 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 27 |
| vulnerability |
VCID-vsv2-4d8c-m3g1 |
|
| 28 |
| vulnerability |
VCID-vxkb-9p6a-5yan |
|
| 29 |
| vulnerability |
VCID-w1ap-atw2-qbc8 |
|
| 30 |
| vulnerability |
VCID-w2n8-uxbb-k7f9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.1 |
|
|
| aliases |
CVE-2018-16859, PYSEC-2018-60
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hpqa-ysnc-b7dw |
|
| 19 |
| url |
VCID-hq4d-92s2-vqg6 |
| vulnerability_id |
VCID-hq4d-92s2-vqg6 |
| summary |
A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with "umask 77 && mkdir -p <dir>"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating '/proc/<pid>/cmdline'. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/ansible@2.7.17 |
| purl |
pkg:pypi/ansible@2.7.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 1 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 2 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 3 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 4 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 5 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 6 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 7 |
| vulnerability |
VCID-hpqa-ysnc-b7dw |
|
| 8 |
| vulnerability |
VCID-hs3w-mah1-ckb5 |
|
| 9 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 10 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 11 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 12 |
| vulnerability |
VCID-ykkx-swgs-vybn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17 |
|
| 1 |
| url |
pkg:pypi/ansible@2.8.8 |
| purl |
pkg:pypi/ansible@2.8.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2z4k-r21v-rfgx |
|
| 1 |
| vulnerability |
VCID-5t77-f231-6ffg |
|
| 2 |
| vulnerability |
VCID-78m2-3fj5-tbh1 |
|
| 3 |
| vulnerability |
VCID-7qnx-1gp2-v7bb |
|
| 4 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 5 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 6 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 7 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 8 |
| vulnerability |
VCID-cxts-25nq-4fcs |
|
| 9 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 10 |
| vulnerability |
VCID-ec6s-8f24-9bh7 |
|
| 11 |
| vulnerability |
VCID-etb4-2qch-6kgw |
|
| 12 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 13 |
| vulnerability |
VCID-gxw4-ydnj-fkfe |
|
| 14 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 15 |
| vulnerability |
VCID-hs3w-mah1-ckb5 |
|
| 16 |
| vulnerability |
VCID-mbj9-3bnb-wbda |
|
| 17 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 18 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 19 |
| vulnerability |
VCID-subj-aje2-93bk |
|
| 20 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 21 |
| vulnerability |
VCID-w2n8-uxbb-k7f9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.8 |
|
| 2 |
| url |
pkg:pypi/ansible@2.9.6 |
| purl |
pkg:pypi/ansible@2.9.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-5t77-f231-6ffg |
|
| 1 |
| vulnerability |
VCID-78m2-3fj5-tbh1 |
|
| 2 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 3 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 4 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 5 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 6 |
| vulnerability |
VCID-ec6s-8f24-9bh7 |
|
| 7 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 8 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 9 |
| vulnerability |
VCID-hs3w-mah1-ckb5 |
|
| 10 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 11 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 12 |
| vulnerability |
VCID-ptg6-bwz8-pud8 |
|
| 13 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 14 |
| vulnerability |
VCID-w2n8-uxbb-k7f9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6 |
|
|
| aliases |
CVE-2020-1733, GHSA-g4mq-6fp5-qwcf, PYSEC-2020-5
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hq4d-92s2-vqg6 |
|
| 20 |
| url |
VCID-j6qc-x7e6-buen |
| vulnerability_id |
VCID-j6qc-x7e6-buen |
| summary |
A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key. |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:pypi/ansible@2.2.0.0 |
| purl |
pkg:pypi/ansible@2.2.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1sty-hqbq-63hy |
|
| 1 |
| vulnerability |
VCID-2z4k-r21v-rfgx |
|
| 2 |
| vulnerability |
VCID-7qnx-1gp2-v7bb |
|
| 3 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 4 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 5 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 6 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 7 |
| vulnerability |
VCID-cxts-25nq-4fcs |
|
| 8 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 9 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 10 |
| vulnerability |
VCID-gxw4-ydnj-fkfe |
|
| 11 |
| vulnerability |
VCID-hd4w-ksm9-uycv |
|
| 12 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 13 |
| vulnerability |
VCID-hpqa-ysnc-b7dw |
|
| 14 |
| vulnerability |
VCID-hq4d-92s2-vqg6 |
|
| 15 |
| vulnerability |
VCID-k8a2-5yfh-j7gp |
|
| 16 |
| vulnerability |
VCID-mbj9-3bnb-wbda |
|
| 17 |
| vulnerability |
VCID-mj75-gu96-33ay |
|
| 18 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 19 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 20 |
| vulnerability |
VCID-rgcg-pkhf-7ydk |
|
| 21 |
| vulnerability |
VCID-subj-aje2-93bk |
|
| 22 |
| vulnerability |
VCID-utrp-hfpb-tygj |
|
| 23 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 24 |
| vulnerability |
VCID-vsv2-4d8c-m3g1 |
|
| 25 |
| vulnerability |
VCID-x4mr-vrp9-ufg6 |
|
| 26 |
| vulnerability |
VCID-ykkx-swgs-vybn |
|
| 27 |
| vulnerability |
VCID-yre5-mmmj-q3bn |
|
| 28 |
| vulnerability |
VCID-zwrg-9mrq-effd |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.2.0.0 |
|
|
| aliases |
CVE-2016-8614, GHSA-cmwx-9m2h-x7v4, PYSEC-2018-37
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-j6qc-x7e6-buen |
|
| 21 |
| url |
VCID-k8a2-5yfh-j7gp |
| vulnerability_id |
VCID-k8a2-5yfh-j7gp |
| summary |
A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/ansible@2.6.18 |
| purl |
pkg:pypi/ansible@2.6.18 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1sty-hqbq-63hy |
|
| 1 |
| vulnerability |
VCID-2z4k-r21v-rfgx |
|
| 2 |
| vulnerability |
VCID-7qnx-1gp2-v7bb |
|
| 3 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 4 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 5 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 6 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 7 |
| vulnerability |
VCID-cxts-25nq-4fcs |
|
| 8 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 9 |
| vulnerability |
VCID-frk2-9jfm-cybm |
|
| 10 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 11 |
| vulnerability |
VCID-gxw4-ydnj-fkfe |
|
| 12 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 13 |
| vulnerability |
VCID-hq4d-92s2-vqg6 |
|
| 14 |
| vulnerability |
VCID-mbj9-3bnb-wbda |
|
| 15 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 16 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 17 |
| vulnerability |
VCID-subj-aje2-93bk |
|
| 18 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 19 |
| vulnerability |
VCID-vsv2-4d8c-m3g1 |
|
| 20 |
| vulnerability |
VCID-vxkb-9p6a-5yan |
|
| 21 |
| vulnerability |
VCID-x4mr-vrp9-ufg6 |
|
| 22 |
| vulnerability |
VCID-ykkx-swgs-vybn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.6.18 |
|
| 1 |
| url |
pkg:pypi/ansible@2.7.12 |
| purl |
pkg:pypi/ansible@2.7.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1sty-hqbq-63hy |
|
| 1 |
| vulnerability |
VCID-2z4k-r21v-rfgx |
|
| 2 |
| vulnerability |
VCID-78m2-3fj5-tbh1 |
|
| 3 |
| vulnerability |
VCID-7ben-361w-tkdr |
|
| 4 |
| vulnerability |
VCID-7qnx-1gp2-v7bb |
|
| 5 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 6 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 7 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 8 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 9 |
| vulnerability |
VCID-cxts-25nq-4fcs |
|
| 10 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 11 |
| vulnerability |
VCID-etb4-2qch-6kgw |
|
| 12 |
| vulnerability |
VCID-frk2-9jfm-cybm |
|
| 13 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 14 |
| vulnerability |
VCID-gxw4-ydnj-fkfe |
|
| 15 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 16 |
| vulnerability |
VCID-hpqa-ysnc-b7dw |
|
| 17 |
| vulnerability |
VCID-hq4d-92s2-vqg6 |
|
| 18 |
| vulnerability |
VCID-hs3w-mah1-ckb5 |
|
| 19 |
| vulnerability |
VCID-mbj9-3bnb-wbda |
|
| 20 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 21 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 22 |
| vulnerability |
VCID-qztj-r7zc-jue3 |
|
| 23 |
| vulnerability |
VCID-subj-aje2-93bk |
|
| 24 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 25 |
| vulnerability |
VCID-vsv2-4d8c-m3g1 |
|
| 26 |
| vulnerability |
VCID-vxkb-9p6a-5yan |
|
| 27 |
| vulnerability |
VCID-w2n8-uxbb-k7f9 |
|
| 28 |
| vulnerability |
VCID-x4mr-vrp9-ufg6 |
|
| 29 |
| vulnerability |
VCID-ykkx-swgs-vybn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.12 |
|
| 2 |
| url |
pkg:pypi/ansible@2.8.2 |
| purl |
pkg:pypi/ansible@2.8.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1sty-hqbq-63hy |
|
| 1 |
| vulnerability |
VCID-2z4k-r21v-rfgx |
|
| 2 |
| vulnerability |
VCID-5t77-f231-6ffg |
|
| 3 |
| vulnerability |
VCID-78m2-3fj5-tbh1 |
|
| 4 |
| vulnerability |
VCID-7ben-361w-tkdr |
|
| 5 |
| vulnerability |
VCID-7qnx-1gp2-v7bb |
|
| 6 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 7 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 8 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 9 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 10 |
| vulnerability |
VCID-cxts-25nq-4fcs |
|
| 11 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 12 |
| vulnerability |
VCID-ec6s-8f24-9bh7 |
|
| 13 |
| vulnerability |
VCID-etb4-2qch-6kgw |
|
| 14 |
| vulnerability |
VCID-frk2-9jfm-cybm |
|
| 15 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 16 |
| vulnerability |
VCID-gxw4-ydnj-fkfe |
|
| 17 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 18 |
| vulnerability |
VCID-hq4d-92s2-vqg6 |
|
| 19 |
| vulnerability |
VCID-hs3w-mah1-ckb5 |
|
| 20 |
| vulnerability |
VCID-mbj9-3bnb-wbda |
|
| 21 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 22 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 23 |
| vulnerability |
VCID-qztj-r7zc-jue3 |
|
| 24 |
| vulnerability |
VCID-subj-aje2-93bk |
|
| 25 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 26 |
| vulnerability |
VCID-vsv2-4d8c-m3g1 |
|
| 27 |
| vulnerability |
VCID-vxkb-9p6a-5yan |
|
| 28 |
| vulnerability |
VCID-w1ap-atw2-qbc8 |
|
| 29 |
| vulnerability |
VCID-w2n8-uxbb-k7f9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.2 |
|
|
| aliases |
CVE-2019-10156, GHSA-grgm-pph5-j5h7, PYSEC-2019-2
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-k8a2-5yfh-j7gp |
|
| 22 |
| url |
VCID-mbj9-3bnb-wbda |
| vulnerability_id |
VCID-mbj9-3bnb-wbda |
| summary |
A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal. This issue is fixed in 2.10. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/ansible@2.7.17 |
| purl |
pkg:pypi/ansible@2.7.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 1 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 2 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 3 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 4 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 5 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 6 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 7 |
| vulnerability |
VCID-hpqa-ysnc-b7dw |
|
| 8 |
| vulnerability |
VCID-hs3w-mah1-ckb5 |
|
| 9 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 10 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 11 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 12 |
| vulnerability |
VCID-ykkx-swgs-vybn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17 |
|
| 1 |
| url |
pkg:pypi/ansible@2.8.9 |
| purl |
pkg:pypi/ansible@2.8.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-5t77-f231-6ffg |
|
| 1 |
| vulnerability |
VCID-78m2-3fj5-tbh1 |
|
| 2 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 3 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 4 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 5 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 6 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 7 |
| vulnerability |
VCID-ec6s-8f24-9bh7 |
|
| 8 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 9 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 10 |
| vulnerability |
VCID-hs3w-mah1-ckb5 |
|
| 11 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 12 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 13 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 14 |
| vulnerability |
VCID-w2n8-uxbb-k7f9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9 |
|
| 2 |
| url |
pkg:pypi/ansible@2.9.6 |
| purl |
pkg:pypi/ansible@2.9.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-5t77-f231-6ffg |
|
| 1 |
| vulnerability |
VCID-78m2-3fj5-tbh1 |
|
| 2 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 3 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 4 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 5 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 6 |
| vulnerability |
VCID-ec6s-8f24-9bh7 |
|
| 7 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 8 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 9 |
| vulnerability |
VCID-hs3w-mah1-ckb5 |
|
| 10 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 11 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 12 |
| vulnerability |
VCID-ptg6-bwz8-pud8 |
|
| 13 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 14 |
| vulnerability |
VCID-w2n8-uxbb-k7f9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6 |
|
|
| aliases |
CVE-2020-1737, GHSA-893h-35v4-mxqx, PYSEC-2020-9
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mbj9-3bnb-wbda |
|
| 23 |
| url |
VCID-mj75-gu96-33ay |
| vulnerability_id |
VCID-mj75-gu96-33ay |
| summary |
arbitrary command execution |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/ansible@2.1.4.0 |
| purl |
pkg:pypi/ansible@2.1.4.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1d8u-w26v-nqfd |
|
| 1 |
| vulnerability |
VCID-1sty-hqbq-63hy |
|
| 2 |
| vulnerability |
VCID-2z4k-r21v-rfgx |
|
| 3 |
| vulnerability |
VCID-7qnx-1gp2-v7bb |
|
| 4 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 5 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 6 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 7 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 8 |
| vulnerability |
VCID-cxts-25nq-4fcs |
|
| 9 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 10 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 11 |
| vulnerability |
VCID-gxw4-ydnj-fkfe |
|
| 12 |
| vulnerability |
VCID-hd4w-ksm9-uycv |
|
| 13 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 14 |
| vulnerability |
VCID-hpqa-ysnc-b7dw |
|
| 15 |
| vulnerability |
VCID-hq4d-92s2-vqg6 |
|
| 16 |
| vulnerability |
VCID-j6qc-x7e6-buen |
|
| 17 |
| vulnerability |
VCID-k8a2-5yfh-j7gp |
|
| 18 |
| vulnerability |
VCID-mbj9-3bnb-wbda |
|
| 19 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 20 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 21 |
| vulnerability |
VCID-rgcg-pkhf-7ydk |
|
| 22 |
| vulnerability |
VCID-subj-aje2-93bk |
|
| 23 |
| vulnerability |
VCID-utrp-hfpb-tygj |
|
| 24 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 25 |
| vulnerability |
VCID-vsv2-4d8c-m3g1 |
|
| 26 |
| vulnerability |
VCID-x4mr-vrp9-ufg6 |
|
| 27 |
| vulnerability |
VCID-ykkx-swgs-vybn |
|
| 28 |
| vulnerability |
VCID-yre5-mmmj-q3bn |
|
| 29 |
| vulnerability |
VCID-zwrg-9mrq-effd |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.1.4.0 |
|
| 1 |
| url |
pkg:pypi/ansible@2.2.1.0 |
| purl |
pkg:pypi/ansible@2.2.1.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1sty-hqbq-63hy |
|
| 1 |
| vulnerability |
VCID-2z4k-r21v-rfgx |
|
| 2 |
| vulnerability |
VCID-7qnx-1gp2-v7bb |
|
| 3 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 4 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 5 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 6 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 7 |
| vulnerability |
VCID-cxts-25nq-4fcs |
|
| 8 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 9 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 10 |
| vulnerability |
VCID-gxw4-ydnj-fkfe |
|
| 11 |
| vulnerability |
VCID-hd4w-ksm9-uycv |
|
| 12 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 13 |
| vulnerability |
VCID-hpqa-ysnc-b7dw |
|
| 14 |
| vulnerability |
VCID-hq4d-92s2-vqg6 |
|
| 15 |
| vulnerability |
VCID-k8a2-5yfh-j7gp |
|
| 16 |
| vulnerability |
VCID-mbj9-3bnb-wbda |
|
| 17 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 18 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 19 |
| vulnerability |
VCID-subj-aje2-93bk |
|
| 20 |
| vulnerability |
VCID-utrp-hfpb-tygj |
|
| 21 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 22 |
| vulnerability |
VCID-vsv2-4d8c-m3g1 |
|
| 23 |
| vulnerability |
VCID-x4mr-vrp9-ufg6 |
|
| 24 |
| vulnerability |
VCID-ykkx-swgs-vybn |
|
| 25 |
| vulnerability |
VCID-yre5-mmmj-q3bn |
|
| 26 |
| vulnerability |
VCID-zwrg-9mrq-effd |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.2.1.0 |
|
|
| aliases |
CVE-2016-9587, GHSA-m956-frf4-m2wr, PYSEC-2018-39
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mj75-gu96-33ay |
|
| 24 |
| url |
VCID-nb5v-58wt-87gz |
| vulnerability_id |
VCID-nb5v-58wt-87gz |
| summary |
Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a trailing " temp=" clause, or (3) a trailing " validate=" clause accompanied by a shell command. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/ansible@1.6.7 |
| purl |
pkg:pypi/ansible@1.6.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1d8u-w26v-nqfd |
|
| 1 |
| vulnerability |
VCID-1sty-hqbq-63hy |
|
| 2 |
| vulnerability |
VCID-2tq8-8hu5-juc2 |
|
| 3 |
| vulnerability |
VCID-2z4k-r21v-rfgx |
|
| 4 |
| vulnerability |
VCID-7qnx-1gp2-v7bb |
|
| 5 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 6 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 7 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 8 |
| vulnerability |
VCID-bg46-sd2p-h7ez |
|
| 9 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 10 |
| vulnerability |
VCID-cxts-25nq-4fcs |
|
| 11 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 12 |
| vulnerability |
VCID-g8tj-eaqr-myaa |
|
| 13 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 14 |
| vulnerability |
VCID-gxw4-ydnj-fkfe |
|
| 15 |
| vulnerability |
VCID-hd4w-ksm9-uycv |
|
| 16 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 17 |
| vulnerability |
VCID-hpqa-ysnc-b7dw |
|
| 18 |
| vulnerability |
VCID-hq4d-92s2-vqg6 |
|
| 19 |
| vulnerability |
VCID-j6qc-x7e6-buen |
|
| 20 |
| vulnerability |
VCID-k8a2-5yfh-j7gp |
|
| 21 |
| vulnerability |
VCID-mbj9-3bnb-wbda |
|
| 22 |
| vulnerability |
VCID-mj75-gu96-33ay |
|
| 23 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 24 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 25 |
| vulnerability |
VCID-rgcg-pkhf-7ydk |
|
| 26 |
| vulnerability |
VCID-subj-aje2-93bk |
|
| 27 |
| vulnerability |
VCID-utrp-hfpb-tygj |
|
| 28 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 29 |
| vulnerability |
VCID-vsv2-4d8c-m3g1 |
|
| 30 |
| vulnerability |
VCID-x4mr-vrp9-ufg6 |
|
| 31 |
| vulnerability |
VCID-yre5-mmmj-q3bn |
|
| 32 |
| vulnerability |
VCID-zwrg-9mrq-effd |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.6.7 |
|
|
| aliases |
CVE-2014-4967, PYSEC-2020-205
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nb5v-58wt-87gz |
|
| 25 |
| url |
VCID-p4p5-29r5-8qh9 |
| vulnerability_id |
VCID-p4p5-29r5-8qh9 |
| summary |
A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2021-20191, GHSA-8f4m-hccc-8qph, PYSEC-2021-124
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-p4p5-29r5-8qh9 |
|
| 26 |
| url |
VCID-p7d3-epbn-b7bp |
| vulnerability_id |
VCID-p7d3-epbn-b7bp |
| summary |
Ansible before 1.6.7 does not prevent inventory data with "{{" and "lookup" substrings, and does not prevent remote data with "{{" substrings, which allows remote attackers to execute arbitrary code via (1) crafted lookup('pipe') calls or (2) crafted Jinja2 data. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/ansible@1.6.7 |
| purl |
pkg:pypi/ansible@1.6.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1d8u-w26v-nqfd |
|
| 1 |
| vulnerability |
VCID-1sty-hqbq-63hy |
|
| 2 |
| vulnerability |
VCID-2tq8-8hu5-juc2 |
|
| 3 |
| vulnerability |
VCID-2z4k-r21v-rfgx |
|
| 4 |
| vulnerability |
VCID-7qnx-1gp2-v7bb |
|
| 5 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 6 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 7 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 8 |
| vulnerability |
VCID-bg46-sd2p-h7ez |
|
| 9 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 10 |
| vulnerability |
VCID-cxts-25nq-4fcs |
|
| 11 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 12 |
| vulnerability |
VCID-g8tj-eaqr-myaa |
|
| 13 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 14 |
| vulnerability |
VCID-gxw4-ydnj-fkfe |
|
| 15 |
| vulnerability |
VCID-hd4w-ksm9-uycv |
|
| 16 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 17 |
| vulnerability |
VCID-hpqa-ysnc-b7dw |
|
| 18 |
| vulnerability |
VCID-hq4d-92s2-vqg6 |
|
| 19 |
| vulnerability |
VCID-j6qc-x7e6-buen |
|
| 20 |
| vulnerability |
VCID-k8a2-5yfh-j7gp |
|
| 21 |
| vulnerability |
VCID-mbj9-3bnb-wbda |
|
| 22 |
| vulnerability |
VCID-mj75-gu96-33ay |
|
| 23 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 24 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 25 |
| vulnerability |
VCID-rgcg-pkhf-7ydk |
|
| 26 |
| vulnerability |
VCID-subj-aje2-93bk |
|
| 27 |
| vulnerability |
VCID-utrp-hfpb-tygj |
|
| 28 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 29 |
| vulnerability |
VCID-vsv2-4d8c-m3g1 |
|
| 30 |
| vulnerability |
VCID-x4mr-vrp9-ufg6 |
|
| 31 |
| vulnerability |
VCID-yre5-mmmj-q3bn |
|
| 32 |
| vulnerability |
VCID-zwrg-9mrq-effd |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.6.7 |
|
|
| aliases |
CVE-2014-4966, PYSEC-2020-204
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-p7d3-epbn-b7bp |
|
| 27 |
| url |
VCID-pqj1-u787-g3aj |
| vulnerability_id |
VCID-pqj1-u787-g3aj |
| summary |
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2021-20178, GHSA-wv5p-gmmv-wh9v, PYSEC-2021-106
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pqj1-u787-g3aj |
|
| 28 |
| url |
VCID-rgcg-pkhf-7ydk |
| vulnerability_id |
VCID-rgcg-pkhf-7ydk |
| summary |
An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/ansible@2.2.1.0 |
| purl |
pkg:pypi/ansible@2.2.1.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1sty-hqbq-63hy |
|
| 1 |
| vulnerability |
VCID-2z4k-r21v-rfgx |
|
| 2 |
| vulnerability |
VCID-7qnx-1gp2-v7bb |
|
| 3 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 4 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 5 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 6 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 7 |
| vulnerability |
VCID-cxts-25nq-4fcs |
|
| 8 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 9 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 10 |
| vulnerability |
VCID-gxw4-ydnj-fkfe |
|
| 11 |
| vulnerability |
VCID-hd4w-ksm9-uycv |
|
| 12 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 13 |
| vulnerability |
VCID-hpqa-ysnc-b7dw |
|
| 14 |
| vulnerability |
VCID-hq4d-92s2-vqg6 |
|
| 15 |
| vulnerability |
VCID-k8a2-5yfh-j7gp |
|
| 16 |
| vulnerability |
VCID-mbj9-3bnb-wbda |
|
| 17 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 18 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 19 |
| vulnerability |
VCID-subj-aje2-93bk |
|
| 20 |
| vulnerability |
VCID-utrp-hfpb-tygj |
|
| 21 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 22 |
| vulnerability |
VCID-vsv2-4d8c-m3g1 |
|
| 23 |
| vulnerability |
VCID-x4mr-vrp9-ufg6 |
|
| 24 |
| vulnerability |
VCID-ykkx-swgs-vybn |
|
| 25 |
| vulnerability |
VCID-yre5-mmmj-q3bn |
|
| 26 |
| vulnerability |
VCID-zwrg-9mrq-effd |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.2.1.0 |
|
|
| aliases |
CVE-2016-8647, GHSA-x4cm-m36h-c6qj, PYSEC-2018-58
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rgcg-pkhf-7ydk |
|
| 29 |
| url |
VCID-subj-aje2-93bk |
| vulnerability_id |
VCID-subj-aje2-93bk |
| summary |
A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/ansible@2.7.17 |
| purl |
pkg:pypi/ansible@2.7.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 1 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 2 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 3 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 4 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 5 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 6 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 7 |
| vulnerability |
VCID-hpqa-ysnc-b7dw |
|
| 8 |
| vulnerability |
VCID-hs3w-mah1-ckb5 |
|
| 9 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 10 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 11 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 12 |
| vulnerability |
VCID-ykkx-swgs-vybn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17 |
|
| 1 |
| url |
pkg:pypi/ansible@2.8.9 |
| purl |
pkg:pypi/ansible@2.8.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-5t77-f231-6ffg |
|
| 1 |
| vulnerability |
VCID-78m2-3fj5-tbh1 |
|
| 2 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 3 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 4 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 5 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 6 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 7 |
| vulnerability |
VCID-ec6s-8f24-9bh7 |
|
| 8 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 9 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 10 |
| vulnerability |
VCID-hs3w-mah1-ckb5 |
|
| 11 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 12 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 13 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 14 |
| vulnerability |
VCID-w2n8-uxbb-k7f9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9 |
|
| 2 |
| url |
pkg:pypi/ansible@2.9.6 |
| purl |
pkg:pypi/ansible@2.9.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-5t77-f231-6ffg |
|
| 1 |
| vulnerability |
VCID-78m2-3fj5-tbh1 |
|
| 2 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 3 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 4 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 5 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 6 |
| vulnerability |
VCID-ec6s-8f24-9bh7 |
|
| 7 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 8 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 9 |
| vulnerability |
VCID-hs3w-mah1-ckb5 |
|
| 10 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 11 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 12 |
| vulnerability |
VCID-ptg6-bwz8-pud8 |
|
| 13 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 14 |
| vulnerability |
VCID-w2n8-uxbb-k7f9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6 |
|
|
| aliases |
CVE-2020-1738, GHSA-f85h-23mf-2fwh, PYSEC-2020-10
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-subj-aje2-93bk |
|
| 30 |
| url |
VCID-utrp-hfpb-tygj |
| vulnerability_id |
VCID-utrp-hfpb-tygj |
| summary |
Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/ansible@2.1.6.0 |
| purl |
pkg:pypi/ansible@2.1.6.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1d8u-w26v-nqfd |
|
| 1 |
| vulnerability |
VCID-1sty-hqbq-63hy |
|
| 2 |
| vulnerability |
VCID-2z4k-r21v-rfgx |
|
| 3 |
| vulnerability |
VCID-7qnx-1gp2-v7bb |
|
| 4 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 5 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 6 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 7 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 8 |
| vulnerability |
VCID-cxts-25nq-4fcs |
|
| 9 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 10 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 11 |
| vulnerability |
VCID-gxw4-ydnj-fkfe |
|
| 12 |
| vulnerability |
VCID-hd4w-ksm9-uycv |
|
| 13 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 14 |
| vulnerability |
VCID-hpqa-ysnc-b7dw |
|
| 15 |
| vulnerability |
VCID-hq4d-92s2-vqg6 |
|
| 16 |
| vulnerability |
VCID-j6qc-x7e6-buen |
|
| 17 |
| vulnerability |
VCID-k8a2-5yfh-j7gp |
|
| 18 |
| vulnerability |
VCID-mbj9-3bnb-wbda |
|
| 19 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 20 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 21 |
| vulnerability |
VCID-rgcg-pkhf-7ydk |
|
| 22 |
| vulnerability |
VCID-subj-aje2-93bk |
|
| 23 |
| vulnerability |
VCID-utrp-hfpb-tygj |
|
| 24 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 25 |
| vulnerability |
VCID-vsv2-4d8c-m3g1 |
|
| 26 |
| vulnerability |
VCID-x4mr-vrp9-ufg6 |
|
| 27 |
| vulnerability |
VCID-ykkx-swgs-vybn |
|
| 28 |
| vulnerability |
VCID-yre5-mmmj-q3bn |
|
| 29 |
| vulnerability |
VCID-zwrg-9mrq-effd |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.1.6.0 |
|
| 1 |
| url |
pkg:pypi/ansible@2.2.3.0 |
| purl |
pkg:pypi/ansible@2.2.3.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1sty-hqbq-63hy |
|
| 1 |
| vulnerability |
VCID-2z4k-r21v-rfgx |
|
| 2 |
| vulnerability |
VCID-7qnx-1gp2-v7bb |
|
| 3 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 4 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 5 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 6 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 7 |
| vulnerability |
VCID-cxts-25nq-4fcs |
|
| 8 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 9 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 10 |
| vulnerability |
VCID-gxw4-ydnj-fkfe |
|
| 11 |
| vulnerability |
VCID-hd4w-ksm9-uycv |
|
| 12 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 13 |
| vulnerability |
VCID-hpqa-ysnc-b7dw |
|
| 14 |
| vulnerability |
VCID-hq4d-92s2-vqg6 |
|
| 15 |
| vulnerability |
VCID-k8a2-5yfh-j7gp |
|
| 16 |
| vulnerability |
VCID-mbj9-3bnb-wbda |
|
| 17 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 18 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 19 |
| vulnerability |
VCID-subj-aje2-93bk |
|
| 20 |
| vulnerability |
VCID-utrp-hfpb-tygj |
|
| 21 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 22 |
| vulnerability |
VCID-vsv2-4d8c-m3g1 |
|
| 23 |
| vulnerability |
VCID-x4mr-vrp9-ufg6 |
|
| 24 |
| vulnerability |
VCID-ykkx-swgs-vybn |
|
| 25 |
| vulnerability |
VCID-yre5-mmmj-q3bn |
|
| 26 |
| vulnerability |
VCID-zwrg-9mrq-effd |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.2.3.0 |
|
| 2 |
| url |
pkg:pypi/ansible@2.3.1.0 |
| purl |
pkg:pypi/ansible@2.3.1.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1sty-hqbq-63hy |
|
| 1 |
| vulnerability |
VCID-2z4k-r21v-rfgx |
|
| 2 |
| vulnerability |
VCID-7qnx-1gp2-v7bb |
|
| 3 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 4 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 5 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 6 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 7 |
| vulnerability |
VCID-cxts-25nq-4fcs |
|
| 8 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 9 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 10 |
| vulnerability |
VCID-gxw4-ydnj-fkfe |
|
| 11 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 12 |
| vulnerability |
VCID-hpqa-ysnc-b7dw |
|
| 13 |
| vulnerability |
VCID-hq4d-92s2-vqg6 |
|
| 14 |
| vulnerability |
VCID-k8a2-5yfh-j7gp |
|
| 15 |
| vulnerability |
VCID-mbj9-3bnb-wbda |
|
| 16 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 17 |
| vulnerability |
VCID-pm6p-9arz-7ygs |
|
| 18 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 19 |
| vulnerability |
VCID-subj-aje2-93bk |
|
| 20 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 21 |
| vulnerability |
VCID-vsv2-4d8c-m3g1 |
|
| 22 |
| vulnerability |
VCID-x4mr-vrp9-ufg6 |
|
| 23 |
| vulnerability |
VCID-ykkx-swgs-vybn |
|
| 24 |
| vulnerability |
VCID-yre5-mmmj-q3bn |
|
| 25 |
| vulnerability |
VCID-zwrg-9mrq-effd |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.3.1.0 |
|
| 3 |
| url |
pkg:pypi/ansible@2.4.0.0 |
| purl |
pkg:pypi/ansible@2.4.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1sty-hqbq-63hy |
|
| 1 |
| vulnerability |
VCID-2z4k-r21v-rfgx |
|
| 2 |
| vulnerability |
VCID-5cgu-g45y-q3cj |
|
| 3 |
| vulnerability |
VCID-7qnx-1gp2-v7bb |
|
| 4 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 5 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 6 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 7 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 8 |
| vulnerability |
VCID-cxts-25nq-4fcs |
|
| 9 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 10 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 11 |
| vulnerability |
VCID-gxw4-ydnj-fkfe |
|
| 12 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 13 |
| vulnerability |
VCID-hpqa-ysnc-b7dw |
|
| 14 |
| vulnerability |
VCID-hq4d-92s2-vqg6 |
|
| 15 |
| vulnerability |
VCID-k8a2-5yfh-j7gp |
|
| 16 |
| vulnerability |
VCID-mbj9-3bnb-wbda |
|
| 17 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 18 |
| vulnerability |
VCID-pm6p-9arz-7ygs |
|
| 19 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 20 |
| vulnerability |
VCID-subj-aje2-93bk |
|
| 21 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 22 |
| vulnerability |
VCID-vsv2-4d8c-m3g1 |
|
| 23 |
| vulnerability |
VCID-x4mr-vrp9-ufg6 |
|
| 24 |
| vulnerability |
VCID-x99c-b7ve-hkdj |
|
| 25 |
| vulnerability |
VCID-ykkx-swgs-vybn |
|
| 26 |
| vulnerability |
VCID-yre5-mmmj-q3bn |
|
| 27 |
| vulnerability |
VCID-zwrg-9mrq-effd |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.4.0.0 |
|
|
| aliases |
CVE-2017-7481, GHSA-w578-j992-554x, PYSEC-2018-41
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-utrp-hfpb-tygj |
|
| 31 |
| url |
VCID-vhxq-1hqq-77bx |
| vulnerability_id |
VCID-vhxq-1hqq-77bx |
| summary |
An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2020-14330, GHSA-785x-qw4v-6872, PYSEC-2020-3
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vhxq-1hqq-77bx |
|
| 32 |
| url |
VCID-vsv2-4d8c-m3g1 |
| vulnerability_id |
VCID-vsv2-4d8c-m3g1 |
| summary |
A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/ansible@2.7.15 |
| purl |
pkg:pypi/ansible@2.7.15 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2z4k-r21v-rfgx |
|
| 1 |
| vulnerability |
VCID-78m2-3fj5-tbh1 |
|
| 2 |
| vulnerability |
VCID-7qnx-1gp2-v7bb |
|
| 3 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 4 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 5 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 6 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 7 |
| vulnerability |
VCID-cxts-25nq-4fcs |
|
| 8 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 9 |
| vulnerability |
VCID-etb4-2qch-6kgw |
|
| 10 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 11 |
| vulnerability |
VCID-gxw4-ydnj-fkfe |
|
| 12 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 13 |
| vulnerability |
VCID-hpqa-ysnc-b7dw |
|
| 14 |
| vulnerability |
VCID-hq4d-92s2-vqg6 |
|
| 15 |
| vulnerability |
VCID-hs3w-mah1-ckb5 |
|
| 16 |
| vulnerability |
VCID-mbj9-3bnb-wbda |
|
| 17 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 18 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 19 |
| vulnerability |
VCID-qztj-r7zc-jue3 |
|
| 20 |
| vulnerability |
VCID-subj-aje2-93bk |
|
| 21 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 22 |
| vulnerability |
VCID-w2n8-uxbb-k7f9 |
|
| 23 |
| vulnerability |
VCID-x4mr-vrp9-ufg6 |
|
| 24 |
| vulnerability |
VCID-ykkx-swgs-vybn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.15 |
|
| 1 |
| url |
pkg:pypi/ansible@2.8.7 |
| purl |
pkg:pypi/ansible@2.8.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2z4k-r21v-rfgx |
|
| 1 |
| vulnerability |
VCID-5t77-f231-6ffg |
|
| 2 |
| vulnerability |
VCID-78m2-3fj5-tbh1 |
|
| 3 |
| vulnerability |
VCID-7qnx-1gp2-v7bb |
|
| 4 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 5 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 6 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 7 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 8 |
| vulnerability |
VCID-cxts-25nq-4fcs |
|
| 9 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 10 |
| vulnerability |
VCID-ec6s-8f24-9bh7 |
|
| 11 |
| vulnerability |
VCID-etb4-2qch-6kgw |
|
| 12 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 13 |
| vulnerability |
VCID-gxw4-ydnj-fkfe |
|
| 14 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 15 |
| vulnerability |
VCID-hq4d-92s2-vqg6 |
|
| 16 |
| vulnerability |
VCID-hs3w-mah1-ckb5 |
|
| 17 |
| vulnerability |
VCID-mbj9-3bnb-wbda |
|
| 18 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 19 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 20 |
| vulnerability |
VCID-qztj-r7zc-jue3 |
|
| 21 |
| vulnerability |
VCID-subj-aje2-93bk |
|
| 22 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 23 |
| vulnerability |
VCID-w2n8-uxbb-k7f9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.7 |
|
| 2 |
| url |
pkg:pypi/ansible@2.9.2 |
| purl |
pkg:pypi/ansible@2.9.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2z4k-r21v-rfgx |
|
| 1 |
| vulnerability |
VCID-5t77-f231-6ffg |
|
| 2 |
| vulnerability |
VCID-78m2-3fj5-tbh1 |
|
| 3 |
| vulnerability |
VCID-7qnx-1gp2-v7bb |
|
| 4 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 5 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 6 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 7 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 8 |
| vulnerability |
VCID-cxts-25nq-4fcs |
|
| 9 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 10 |
| vulnerability |
VCID-ec6s-8f24-9bh7 |
|
| 11 |
| vulnerability |
VCID-etb4-2qch-6kgw |
|
| 12 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 13 |
| vulnerability |
VCID-gxw4-ydnj-fkfe |
|
| 14 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 15 |
| vulnerability |
VCID-hq4d-92s2-vqg6 |
|
| 16 |
| vulnerability |
VCID-hs3w-mah1-ckb5 |
|
| 17 |
| vulnerability |
VCID-mbj9-3bnb-wbda |
|
| 18 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 19 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 20 |
| vulnerability |
VCID-ptg6-bwz8-pud8 |
|
| 21 |
| vulnerability |
VCID-qztj-r7zc-jue3 |
|
| 22 |
| vulnerability |
VCID-subj-aje2-93bk |
|
| 23 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 24 |
| vulnerability |
VCID-w2n8-uxbb-k7f9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.2 |
|
|
| aliases |
CVE-2019-14904, GHSA-gwr8-5j83-483c, PYSEC-2020-161
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vsv2-4d8c-m3g1 |
|
| 33 |
| url |
VCID-x4mr-vrp9-ufg6 |
| vulnerability_id |
VCID-x4mr-vrp9-ufg6 |
| summary |
A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/ansible@2.7.17 |
| purl |
pkg:pypi/ansible@2.7.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 1 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 2 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 3 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 4 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 5 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 6 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 7 |
| vulnerability |
VCID-hpqa-ysnc-b7dw |
|
| 8 |
| vulnerability |
VCID-hs3w-mah1-ckb5 |
|
| 9 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 10 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 11 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 12 |
| vulnerability |
VCID-ykkx-swgs-vybn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17 |
|
| 1 |
| url |
pkg:pypi/ansible@2.8.13 |
| purl |
pkg:pypi/ansible@2.8.13 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-5t77-f231-6ffg |
|
| 1 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 2 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 3 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 4 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 5 |
| vulnerability |
VCID-ec6s-8f24-9bh7 |
|
| 6 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 7 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 8 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 9 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 10 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.13 |
|
| 2 |
|
| 3 |
|
|
| aliases |
CVE-2020-1734, GHSA-h39q-95q5-9jfp, PYSEC-2020-6
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-x4mr-vrp9-ufg6 |
|
| 34 |
| url |
VCID-yre5-mmmj-q3bn |
| vulnerability_id |
VCID-yre5-mmmj-q3bn |
| summary |
Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those credentials in clear text form for every user which have access just to the process list. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/ansible@2.0.0.1 |
| purl |
pkg:pypi/ansible@2.0.0.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1d8u-w26v-nqfd |
|
| 1 |
| vulnerability |
VCID-1sty-hqbq-63hy |
|
| 2 |
| vulnerability |
VCID-2z4k-r21v-rfgx |
|
| 3 |
| vulnerability |
VCID-7qnx-1gp2-v7bb |
|
| 4 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 5 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 6 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 7 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 8 |
| vulnerability |
VCID-cxts-25nq-4fcs |
|
| 9 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 10 |
| vulnerability |
VCID-g8tj-eaqr-myaa |
|
| 11 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 12 |
| vulnerability |
VCID-gxw4-ydnj-fkfe |
|
| 13 |
| vulnerability |
VCID-hd4w-ksm9-uycv |
|
| 14 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 15 |
| vulnerability |
VCID-hpqa-ysnc-b7dw |
|
| 16 |
| vulnerability |
VCID-hq4d-92s2-vqg6 |
|
| 17 |
| vulnerability |
VCID-j6qc-x7e6-buen |
|
| 18 |
| vulnerability |
VCID-k8a2-5yfh-j7gp |
|
| 19 |
| vulnerability |
VCID-mbj9-3bnb-wbda |
|
| 20 |
| vulnerability |
VCID-mj75-gu96-33ay |
|
| 21 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 22 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 23 |
| vulnerability |
VCID-rgcg-pkhf-7ydk |
|
| 24 |
| vulnerability |
VCID-subj-aje2-93bk |
|
| 25 |
| vulnerability |
VCID-utrp-hfpb-tygj |
|
| 26 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 27 |
| vulnerability |
VCID-vsv2-4d8c-m3g1 |
|
| 28 |
| vulnerability |
VCID-x4mr-vrp9-ufg6 |
|
| 29 |
| vulnerability |
VCID-ykkx-swgs-vybn |
|
| 30 |
| vulnerability |
VCID-yre5-mmmj-q3bn |
|
| 31 |
| vulnerability |
VCID-zwrg-9mrq-effd |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.0.0.1 |
|
| 1 |
| url |
pkg:pypi/ansible@2.5.11 |
| purl |
pkg:pypi/ansible@2.5.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1sty-hqbq-63hy |
|
| 1 |
| vulnerability |
VCID-2z4k-r21v-rfgx |
|
| 2 |
| vulnerability |
VCID-5p9q-7q6e-vkg8 |
|
| 3 |
| vulnerability |
VCID-7qnx-1gp2-v7bb |
|
| 4 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 5 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 6 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 7 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 8 |
| vulnerability |
VCID-cxts-25nq-4fcs |
|
| 9 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 10 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 11 |
| vulnerability |
VCID-gxw4-ydnj-fkfe |
|
| 12 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 13 |
| vulnerability |
VCID-hpqa-ysnc-b7dw |
|
| 14 |
| vulnerability |
VCID-hq4d-92s2-vqg6 |
|
| 15 |
| vulnerability |
VCID-k8a2-5yfh-j7gp |
|
| 16 |
| vulnerability |
VCID-mbj9-3bnb-wbda |
|
| 17 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 18 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 19 |
| vulnerability |
VCID-subj-aje2-93bk |
|
| 20 |
| vulnerability |
VCID-v5kk-umvk-6fgg |
|
| 21 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 22 |
| vulnerability |
VCID-vsv2-4d8c-m3g1 |
|
| 23 |
| vulnerability |
VCID-x4mr-vrp9-ufg6 |
|
| 24 |
| vulnerability |
VCID-ykkx-swgs-vybn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.5.11 |
|
| 2 |
| url |
pkg:pypi/ansible@2.6.7 |
| purl |
pkg:pypi/ansible@2.6.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1sty-hqbq-63hy |
|
| 1 |
| vulnerability |
VCID-2z4k-r21v-rfgx |
|
| 2 |
| vulnerability |
VCID-5p9q-7q6e-vkg8 |
|
| 3 |
| vulnerability |
VCID-7qnx-1gp2-v7bb |
|
| 4 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 5 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 6 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 7 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 8 |
| vulnerability |
VCID-cxts-25nq-4fcs |
|
| 9 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 10 |
| vulnerability |
VCID-frk2-9jfm-cybm |
|
| 11 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 12 |
| vulnerability |
VCID-gxw4-ydnj-fkfe |
|
| 13 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 14 |
| vulnerability |
VCID-hpqa-ysnc-b7dw |
|
| 15 |
| vulnerability |
VCID-hq4d-92s2-vqg6 |
|
| 16 |
| vulnerability |
VCID-k8a2-5yfh-j7gp |
|
| 17 |
| vulnerability |
VCID-mbj9-3bnb-wbda |
|
| 18 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 19 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 20 |
| vulnerability |
VCID-subj-aje2-93bk |
|
| 21 |
| vulnerability |
VCID-v5kk-umvk-6fgg |
|
| 22 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 23 |
| vulnerability |
VCID-vsv2-4d8c-m3g1 |
|
| 24 |
| vulnerability |
VCID-vxkb-9p6a-5yan |
|
| 25 |
| vulnerability |
VCID-x4mr-vrp9-ufg6 |
|
| 26 |
| vulnerability |
VCID-ykkx-swgs-vybn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.6.7 |
|
| 3 |
| url |
pkg:pypi/ansible@2.7.1 |
| purl |
pkg:pypi/ansible@2.7.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1sty-hqbq-63hy |
|
| 1 |
| vulnerability |
VCID-2z4k-r21v-rfgx |
|
| 2 |
| vulnerability |
VCID-5p9q-7q6e-vkg8 |
|
| 3 |
| vulnerability |
VCID-78m2-3fj5-tbh1 |
|
| 4 |
| vulnerability |
VCID-7ben-361w-tkdr |
|
| 5 |
| vulnerability |
VCID-7qnx-1gp2-v7bb |
|
| 6 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 7 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 8 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 9 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 10 |
| vulnerability |
VCID-cxts-25nq-4fcs |
|
| 11 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 12 |
| vulnerability |
VCID-etb4-2qch-6kgw |
|
| 13 |
| vulnerability |
VCID-frk2-9jfm-cybm |
|
| 14 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 15 |
| vulnerability |
VCID-gxw4-ydnj-fkfe |
|
| 16 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 17 |
| vulnerability |
VCID-hpqa-ysnc-b7dw |
|
| 18 |
| vulnerability |
VCID-hq4d-92s2-vqg6 |
|
| 19 |
| vulnerability |
VCID-hs3w-mah1-ckb5 |
|
| 20 |
| vulnerability |
VCID-k8a2-5yfh-j7gp |
|
| 21 |
| vulnerability |
VCID-mbj9-3bnb-wbda |
|
| 22 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 23 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 24 |
| vulnerability |
VCID-qztj-r7zc-jue3 |
|
| 25 |
| vulnerability |
VCID-subj-aje2-93bk |
|
| 26 |
| vulnerability |
VCID-v5kk-umvk-6fgg |
|
| 27 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 28 |
| vulnerability |
VCID-vsv2-4d8c-m3g1 |
|
| 29 |
| vulnerability |
VCID-vxkb-9p6a-5yan |
|
| 30 |
| vulnerability |
VCID-w2n8-uxbb-k7f9 |
|
| 31 |
| vulnerability |
VCID-x4mr-vrp9-ufg6 |
|
| 32 |
| vulnerability |
VCID-ykkx-swgs-vybn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.1 |
|
|
| aliases |
CVE-2018-16837, PYSEC-2018-44
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yre5-mmmj-q3bn |
|
| 35 |
| url |
VCID-yt5j-unv8-yudk |
| vulnerability_id |
VCID-yt5j-unv8-yudk |
| summary |
The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/ansible@1.6.4 |
| purl |
pkg:pypi/ansible@1.6.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1d8u-w26v-nqfd |
|
| 1 |
| vulnerability |
VCID-1sty-hqbq-63hy |
|
| 2 |
| vulnerability |
VCID-2tq8-8hu5-juc2 |
|
| 3 |
| vulnerability |
VCID-2z4k-r21v-rfgx |
|
| 4 |
| vulnerability |
VCID-7qnx-1gp2-v7bb |
|
| 5 |
| vulnerability |
VCID-7skd-9hpb-dbhj |
|
| 6 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 7 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 8 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 9 |
| vulnerability |
VCID-bg46-sd2p-h7ez |
|
| 10 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 11 |
| vulnerability |
VCID-cxts-25nq-4fcs |
|
| 12 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 13 |
| vulnerability |
VCID-g8tj-eaqr-myaa |
|
| 14 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 15 |
| vulnerability |
VCID-gxw4-ydnj-fkfe |
|
| 16 |
| vulnerability |
VCID-hd4w-ksm9-uycv |
|
| 17 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 18 |
| vulnerability |
VCID-hpqa-ysnc-b7dw |
|
| 19 |
| vulnerability |
VCID-hq4d-92s2-vqg6 |
|
| 20 |
| vulnerability |
VCID-j6qc-x7e6-buen |
|
| 21 |
| vulnerability |
VCID-k8a2-5yfh-j7gp |
|
| 22 |
| vulnerability |
VCID-mbj9-3bnb-wbda |
|
| 23 |
| vulnerability |
VCID-mj75-gu96-33ay |
|
| 24 |
| vulnerability |
VCID-nb5v-58wt-87gz |
|
| 25 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 26 |
| vulnerability |
VCID-p7d3-epbn-b7bp |
|
| 27 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 28 |
| vulnerability |
VCID-rgcg-pkhf-7ydk |
|
| 29 |
| vulnerability |
VCID-subj-aje2-93bk |
|
| 30 |
| vulnerability |
VCID-utrp-hfpb-tygj |
|
| 31 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 32 |
| vulnerability |
VCID-vsv2-4d8c-m3g1 |
|
| 33 |
| vulnerability |
VCID-x4mr-vrp9-ufg6 |
|
| 34 |
| vulnerability |
VCID-yre5-mmmj-q3bn |
|
| 35 |
| vulnerability |
VCID-zwrg-9mrq-effd |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.6.4 |
|
|
| aliases |
CVE-2014-4678, PYSEC-2020-203
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yt5j-unv8-yudk |
|
| 36 |
| url |
VCID-zwrg-9mrq-effd |
| vulnerability_id |
VCID-zwrg-9mrq-effd |
| summary |
In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/ansible@2.0.0.1 |
| purl |
pkg:pypi/ansible@2.0.0.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1d8u-w26v-nqfd |
|
| 1 |
| vulnerability |
VCID-1sty-hqbq-63hy |
|
| 2 |
| vulnerability |
VCID-2z4k-r21v-rfgx |
|
| 3 |
| vulnerability |
VCID-7qnx-1gp2-v7bb |
|
| 4 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 5 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 6 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 7 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 8 |
| vulnerability |
VCID-cxts-25nq-4fcs |
|
| 9 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 10 |
| vulnerability |
VCID-g8tj-eaqr-myaa |
|
| 11 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 12 |
| vulnerability |
VCID-gxw4-ydnj-fkfe |
|
| 13 |
| vulnerability |
VCID-hd4w-ksm9-uycv |
|
| 14 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 15 |
| vulnerability |
VCID-hpqa-ysnc-b7dw |
|
| 16 |
| vulnerability |
VCID-hq4d-92s2-vqg6 |
|
| 17 |
| vulnerability |
VCID-j6qc-x7e6-buen |
|
| 18 |
| vulnerability |
VCID-k8a2-5yfh-j7gp |
|
| 19 |
| vulnerability |
VCID-mbj9-3bnb-wbda |
|
| 20 |
| vulnerability |
VCID-mj75-gu96-33ay |
|
| 21 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 22 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 23 |
| vulnerability |
VCID-rgcg-pkhf-7ydk |
|
| 24 |
| vulnerability |
VCID-subj-aje2-93bk |
|
| 25 |
| vulnerability |
VCID-utrp-hfpb-tygj |
|
| 26 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 27 |
| vulnerability |
VCID-vsv2-4d8c-m3g1 |
|
| 28 |
| vulnerability |
VCID-x4mr-vrp9-ufg6 |
|
| 29 |
| vulnerability |
VCID-ykkx-swgs-vybn |
|
| 30 |
| vulnerability |
VCID-yre5-mmmj-q3bn |
|
| 31 |
| vulnerability |
VCID-zwrg-9mrq-effd |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.0.0.1 |
|
| 1 |
| url |
pkg:pypi/ansible@2.4.6.0 |
| purl |
pkg:pypi/ansible@2.4.6.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1sty-hqbq-63hy |
|
| 1 |
| vulnerability |
VCID-2z4k-r21v-rfgx |
|
| 2 |
| vulnerability |
VCID-7qnx-1gp2-v7bb |
|
| 3 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 4 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 5 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 6 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 7 |
| vulnerability |
VCID-cxts-25nq-4fcs |
|
| 8 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 9 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 10 |
| vulnerability |
VCID-gxw4-ydnj-fkfe |
|
| 11 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 12 |
| vulnerability |
VCID-hpqa-ysnc-b7dw |
|
| 13 |
| vulnerability |
VCID-hq4d-92s2-vqg6 |
|
| 14 |
| vulnerability |
VCID-k8a2-5yfh-j7gp |
|
| 15 |
| vulnerability |
VCID-mbj9-3bnb-wbda |
|
| 16 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 17 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 18 |
| vulnerability |
VCID-subj-aje2-93bk |
|
| 19 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 20 |
| vulnerability |
VCID-vsv2-4d8c-m3g1 |
|
| 21 |
| vulnerability |
VCID-x4mr-vrp9-ufg6 |
|
| 22 |
| vulnerability |
VCID-ykkx-swgs-vybn |
|
| 23 |
| vulnerability |
VCID-yre5-mmmj-q3bn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.4.6.0 |
|
| 2 |
| url |
pkg:pypi/ansible@2.5.6 |
| purl |
pkg:pypi/ansible@2.5.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1sty-hqbq-63hy |
|
| 1 |
| vulnerability |
VCID-2z4k-r21v-rfgx |
|
| 2 |
| vulnerability |
VCID-5p9q-7q6e-vkg8 |
|
| 3 |
| vulnerability |
VCID-7qnx-1gp2-v7bb |
|
| 4 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 5 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 6 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 7 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 8 |
| vulnerability |
VCID-cxts-25nq-4fcs |
|
| 9 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 10 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 11 |
| vulnerability |
VCID-gxw4-ydnj-fkfe |
|
| 12 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 13 |
| vulnerability |
VCID-hpqa-ysnc-b7dw |
|
| 14 |
| vulnerability |
VCID-hq4d-92s2-vqg6 |
|
| 15 |
| vulnerability |
VCID-k8a2-5yfh-j7gp |
|
| 16 |
| vulnerability |
VCID-mbj9-3bnb-wbda |
|
| 17 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 18 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 19 |
| vulnerability |
VCID-subj-aje2-93bk |
|
| 20 |
| vulnerability |
VCID-v5kk-umvk-6fgg |
|
| 21 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 22 |
| vulnerability |
VCID-vsv2-4d8c-m3g1 |
|
| 23 |
| vulnerability |
VCID-x4mr-vrp9-ufg6 |
|
| 24 |
| vulnerability |
VCID-ykkx-swgs-vybn |
|
| 25 |
| vulnerability |
VCID-yre5-mmmj-q3bn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.5.6 |
|
| 3 |
| url |
pkg:pypi/ansible@2.6.1 |
| purl |
pkg:pypi/ansible@2.6.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1sty-hqbq-63hy |
|
| 1 |
| vulnerability |
VCID-2z4k-r21v-rfgx |
|
| 2 |
| vulnerability |
VCID-5p9q-7q6e-vkg8 |
|
| 3 |
| vulnerability |
VCID-7qnx-1gp2-v7bb |
|
| 4 |
| vulnerability |
VCID-833d-up6b-rfe1 |
|
| 5 |
| vulnerability |
VCID-8u2v-jtqe-dqg3 |
|
| 6 |
| vulnerability |
VCID-am9g-ba4h-sfhr |
|
| 7 |
| vulnerability |
VCID-cuq1-se5h-vygd |
|
| 8 |
| vulnerability |
VCID-cxts-25nq-4fcs |
|
| 9 |
| vulnerability |
VCID-dkds-s3ad-cufa |
|
| 10 |
| vulnerability |
VCID-frk2-9jfm-cybm |
|
| 11 |
| vulnerability |
VCID-gm99-68bj-c3cz |
|
| 12 |
| vulnerability |
VCID-gxw4-ydnj-fkfe |
|
| 13 |
| vulnerability |
VCID-hjc4-jcfm-7be5 |
|
| 14 |
| vulnerability |
VCID-hpqa-ysnc-b7dw |
|
| 15 |
| vulnerability |
VCID-hq4d-92s2-vqg6 |
|
| 16 |
| vulnerability |
VCID-k8a2-5yfh-j7gp |
|
| 17 |
| vulnerability |
VCID-mbj9-3bnb-wbda |
|
| 18 |
| vulnerability |
VCID-p4p5-29r5-8qh9 |
|
| 19 |
| vulnerability |
VCID-pqj1-u787-g3aj |
|
| 20 |
| vulnerability |
VCID-subj-aje2-93bk |
|
| 21 |
| vulnerability |
VCID-v5kk-umvk-6fgg |
|
| 22 |
| vulnerability |
VCID-vhxq-1hqq-77bx |
|
| 23 |
| vulnerability |
VCID-vsv2-4d8c-m3g1 |
|
| 24 |
| vulnerability |
VCID-vxkb-9p6a-5yan |
|
| 25 |
| vulnerability |
VCID-x4mr-vrp9-ufg6 |
|
| 26 |
| vulnerability |
VCID-ykkx-swgs-vybn |
|
| 27 |
| vulnerability |
VCID-yre5-mmmj-q3bn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.6.1 |
|
|
| aliases |
CVE-2018-10874, PYSEC-2018-81
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zwrg-9mrq-effd |
|