VulnerableCode Package Details - pkg:apk/alpine/ansible@2.9.13-r0?arch=mips64&distroversion=v3.12&reponame=main

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-jrxz-b168-7ug4	A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code executed via package installation scripts. The highest threat from this vulnerability is to integrity and system availability.	CVE-2020-14365 GHSA-m429-fhmv-c6q2 PYSEC-2020-209
VCID-kb5h-116p-33b4	In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.	CVE-2019-14846 GHSA-pm48-cvv2-29q5 PYSEC-2019-4
VCID-v3h9-1t69-v7a3	An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.	CVE-2020-14330 GHSA-785x-qw4v-6872 PYSEC-2020-3
VCID-yeea-n94x-qqch	A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality.	CVE-2020-14332 GHSA-j667-c2hm-f2wp PYSEC-2020-4

Vulnerability

Summary

Aliases

VCID-jrxz-b168-7ug4

A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code executed via package installation scripts. The highest threat from this vulnerability is to integrity and system availability.

CVE-2020-14365
GHSA-m429-fhmv-c6q2
PYSEC-2020-209

VCID-kb5h-116p-33b4

In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.

CVE-2019-14846
GHSA-pm48-cvv2-29q5
PYSEC-2019-4

VCID-v3h9-1t69-v7a3

An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.

CVE-2020-14330
GHSA-785x-qw4v-6872
PYSEC-2020-3

VCID-yeea-n94x-qqch

A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality.

CVE-2020-14332
GHSA-j667-c2hm-f2wp
PYSEC-2020-4

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-03T17:43:06.762817+00:00	Alpine Linux Importer	Fixing	VCID-v3h9-1t69-v7a3	https://secdb.alpinelinux.org/v3.12/main.json	38.1.0
2026-04-03T17:43:04.006888+00:00	Alpine Linux Importer	Fixing	VCID-kb5h-116p-33b4	https://secdb.alpinelinux.org/v3.12/main.json	38.1.0
2026-04-01T19:32:57.756746+00:00	Alpine Linux Importer	Fixing	VCID-yeea-n94x-qqch	https://secdb.alpinelinux.org/v3.12/main.json	38.0.0
2026-04-01T19:16:59.219557+00:00	Alpine Linux Importer	Fixing	VCID-jrxz-b168-7ug4	https://secdb.alpinelinux.org/v3.12/main.json	38.0.0