VulnerableCode Package Details - pkg:deb/debian/ansible@2.8.6%2Bdfsg-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-jnmu-c8dt-5yb6	A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name to the module will cause the task to fail before the no_log options in the sub parameters are processed. As a result, data in the sub parameter fields will not be masked and will be displayed if Ansible is run with increased verbosity and present in the module invocation arguments for the task.	CVE-2019-14858 GHSA-h653-95qw-h2mp PYSEC-2019-171
VCID-kb5h-116p-33b4	In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.	CVE-2019-14846 GHSA-pm48-cvv2-29q5 PYSEC-2019-4
VCID-nukv-kkws-xkb1	A flaw was found in ansible 2.8.0 before 2.8.4. Fields managing sensitive data should be set as such by no_log feature. Some of these fields in GCP modules are not set properly. service_account_contents() which is common class for all gcp modules is not setting no_log to True. Any sensitive data managed by that function would be leak as an output when running ansible playbooks.	CVE-2019-10217 GHSA-p75j-wc34-527c PYSEC-2019-3
VCID-swpr-3qae-d7fe	ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them.	CVE-2019-10206 GHSA-cqmr-rcpr-cxh3 PYSEC-2019-145

Vulnerability

Summary

Aliases

VCID-jnmu-c8dt-5yb6

A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name to the module will cause the task to fail before the no_log options in the sub parameters are processed. As a result, data in the sub parameter fields will not be masked and will be displayed if Ansible is run with increased verbosity and present in the module invocation arguments for the task.

CVE-2019-14858
GHSA-h653-95qw-h2mp
PYSEC-2019-171

VCID-kb5h-116p-33b4

In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.

CVE-2019-14846
GHSA-pm48-cvv2-29q5
PYSEC-2019-4

VCID-nukv-kkws-xkb1

A flaw was found in ansible 2.8.0 before 2.8.4. Fields managing sensitive data should be set as such by no_log feature. Some of these fields in GCP modules are not set properly. service_account_contents() which is common class for all gcp modules is not setting no_log to True. Any sensitive data managed by that function would be leak as an output when running ansible playbooks.

CVE-2019-10217
GHSA-p75j-wc34-527c
PYSEC-2019-3

VCID-swpr-3qae-d7fe

ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them.

CVE-2019-10206
GHSA-cqmr-rcpr-cxh3
PYSEC-2019-145

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T13:17:14.823131+00:00	Debian Importer	Fixing	VCID-jnmu-c8dt-5yb6	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:45:15.180937+00:00	Debian Importer	Fixing	VCID-nukv-kkws-xkb1	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:12:28.309978+00:00	Debian Importer	Fixing	VCID-swpr-3qae-d7fe	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:02:37.022808+00:00	Debian Importer	Fixing	VCID-kb5h-116p-33b4	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T09:09:04.873799+00:00	Debian Importer	Fixing	VCID-jnmu-c8dt-5yb6	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:00:51.215844+00:00	Debian Importer	Fixing	VCID-nukv-kkws-xkb1	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:09:39.885650+00:00	Debian Importer	Fixing	VCID-swpr-3qae-d7fe	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:03:47.720249+00:00	Debian Importer	Fixing	VCID-kb5h-116p-33b4	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-02T17:17:59.620369+00:00	Debian Importer	Fixing	VCID-jnmu-c8dt-5yb6	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:12:39.558058+00:00	Debian Importer	Fixing	VCID-nukv-kkws-xkb1	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:04:12.484584+00:00	Debian Importer	Fixing	VCID-swpr-3qae-d7fe	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:03:38.386897+00:00	Debian Importer	Fixing	VCID-kb5h-116p-33b4	https://security-tracker.debian.org/tracker/data/json	38.1.0