VulnerableCode Package Details - pkg:deb/debian/ansible@0?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-2jy6-eqpn-wbce	A flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace separation for file transfers. Files are written directly to the root bucket, making possible to have collisions when running multiple ansible processes. This issue affects mainly the service availability.	CVE-2020-25636 PYSEC-2020-221
VCID-ckt2-us5z-pyef	ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None	CVE-2019-14856 GHSA-6fq2-x65v-v9h7 PYSEC-2019-146
VCID-ebtk-4m83-ryez	A flaw was found in Ansible Collection community.crypto. openssl_privatekey_info exposes private key in logs. This directly impacts confidentiality	CVE-2020-25646
VCID-qbdk-hxhg-wbh4	Ansible Community General Collection is vulnerable to exposure of sensitive information A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure (IE) of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes. Attackers with access to logs could retrieve these secrets and potentially compromise Keycloak accounts or administrative access.	CVE-2025-14010 GHSA-8ggh-xwr9-3373
VCID-r6bb-p28b-8fcn	Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the plaintext password. Ansible Engine 2.8 and older are believed to be vulnerable.	CVE-2018-16859 GHSA-v735-2pp6-h86r PYSEC-2018-60
VCID-rg5d-st3d-nbah	A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. This issue affects directly data confidentiality.	CVE-2020-25635 GHSA-f556-49jc-4rvc PYSEC-2020-220
VCID-xak4-qbwg-z3b7	lib/ansible/playbook/__init__.py in Ansible 1.2.x before 1.2.3, when playbook does not run due to an error, allows local users to overwrite arbitrary files via a symlink attack on a retry file with a predictable name in /var/tmp/ansible/.	CVE-2013-4260 GHSA-pcqv-c46v-2p4v PYSEC-2013-2

Vulnerability

Summary

Aliases

VCID-2jy6-eqpn-wbce

A flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace separation for file transfers. Files are written directly to the root bucket, making possible to have collisions when running multiple ansible processes. This issue affects mainly the service availability.

CVE-2020-25636
PYSEC-2020-221

VCID-ckt2-us5z-pyef

ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None

CVE-2019-14856
GHSA-6fq2-x65v-v9h7
PYSEC-2019-146

VCID-ebtk-4m83-ryez

A flaw was found in Ansible Collection community.crypto. openssl_privatekey_info exposes private key in logs. This directly impacts confidentiality

CVE-2020-25646

VCID-qbdk-hxhg-wbh4

Ansible Community General Collection is vulnerable to exposure of sensitive information A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure (IE) of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes. Attackers with access to logs could retrieve these secrets and potentially compromise Keycloak accounts or administrative access.

CVE-2025-14010
GHSA-8ggh-xwr9-3373

VCID-r6bb-p28b-8fcn

Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the plaintext password. Ansible Engine 2.8 and older are believed to be vulnerable.

CVE-2018-16859
GHSA-v735-2pp6-h86r
PYSEC-2018-60

VCID-rg5d-st3d-nbah

A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. This issue affects directly data confidentiality.

CVE-2020-25635
GHSA-f556-49jc-4rvc
PYSEC-2020-220

VCID-xak4-qbwg-z3b7

lib/ansible/playbook/__init__.py in Ansible 1.2.x before 1.2.3, when playbook does not run due to an error, allows local users to overwrite arbitrary files via a symlink attack on a retry file with a predictable name in /var/tmp/ansible/.

CVE-2013-4260
GHSA-pcqv-c46v-2p4v
PYSEC-2013-2

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T12:48:34.589431+00:00	Debian Importer	Fixing	VCID-r6bb-p28b-8fcn	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:13:32.712576+00:00	Debian Importer	Fixing	VCID-xak4-qbwg-z3b7	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:01:28.673291+00:00	Debian Importer	Fixing	VCID-rg5d-st3d-nbah	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:29:47.215176+00:00	Debian Importer	Fixing	VCID-ckt2-us5z-pyef	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:17:29.506272+00:00	Debian Importer	Fixing	VCID-qbdk-hxhg-wbh4	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:17:40.978657+00:00	Debian Importer	Fixing	VCID-2jy6-eqpn-wbce	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:07:06.931159+00:00	Debian Importer	Fixing	VCID-ebtk-4m83-ryez	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:47:16.279473+00:00	Debian Importer	Fixing	VCID-r6bb-p28b-8fcn	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:21:48.994155+00:00	Debian Importer	Fixing	VCID-xak4-qbwg-z3b7	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:12:48.237904+00:00	Debian Importer	Fixing	VCID-rg5d-st3d-nbah	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:05:05.243441+00:00	Debian Importer	Fixing	VCID-ckt2-us5z-pyef	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:55:29.979605+00:00	Debian Importer	Fixing	VCID-qbdk-hxhg-wbh4	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:12:39.382120+00:00	Debian Importer	Fixing	VCID-2jy6-eqpn-wbce	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:06:31.968509+00:00	Debian Importer	Fixing	VCID-ebtk-4m83-ryez	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-02T17:16:13.822908+00:00	Debian Importer	Fixing	VCID-r6bb-p28b-8fcn	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:14:09.014660+00:00	Debian Importer	Fixing	VCID-xak4-qbwg-z3b7	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:13:29.541582+00:00	Debian Importer	Fixing	VCID-rg5d-st3d-nbah	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:08:21.156415+00:00	Debian Importer	Fixing	VCID-ckt2-us5z-pyef	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:07:37.545415+00:00	Debian Importer	Fixing	VCID-qbdk-hxhg-wbh4	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:04:26.755409+00:00	Debian Importer	Fixing	VCID-2jy6-eqpn-wbce	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:03:52.024605+00:00	Debian Importer	Fixing	VCID-ebtk-4m83-ryez	https://security-tracker.debian.org/tracker/data/json	38.1.0