VulnerableCode Package Details - pkg:deb/debian/ansible@2.9.13%2Bdfsg-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-jrxz-b168-7ug4	A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code executed via package installation scripts. The highest threat from this vulnerability is to integrity and system availability.	CVE-2020-14365 GHSA-m429-fhmv-c6q2 PYSEC-2020-209
VCID-rdwq-93d6-c7b4	An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9.9 as well as previous versions are affected and Ansible Tower 3.4.5, 3.5.6 and 3.6.4 as well as previous versions are affected.	CVE-2020-10744 GHSA-vp9j-rghq-8jhh PYSEC-2020-208
VCID-v3h9-1t69-v7a3	An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.	CVE-2020-14330 GHSA-785x-qw4v-6872 PYSEC-2020-3
VCID-yeea-n94x-qqch	A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality.	CVE-2020-14332 GHSA-j667-c2hm-f2wp PYSEC-2020-4

Vulnerability

Summary

Aliases

VCID-jrxz-b168-7ug4

A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code executed via package installation scripts. The highest threat from this vulnerability is to integrity and system availability.

CVE-2020-14365
GHSA-m429-fhmv-c6q2
PYSEC-2020-209

VCID-rdwq-93d6-c7b4

An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9.9 as well as previous versions are affected and Ansible Tower 3.4.5, 3.5.6 and 3.6.4 as well as previous versions are affected.

CVE-2020-10744
GHSA-vp9j-rghq-8jhh
PYSEC-2020-208

VCID-v3h9-1t69-v7a3

An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.

CVE-2020-14330
GHSA-785x-qw4v-6872
PYSEC-2020-3

VCID-yeea-n94x-qqch

A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality.

CVE-2020-14332
GHSA-j667-c2hm-f2wp
PYSEC-2020-4

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T11:24:17.674568+00:00	Debian Importer	Fixing	VCID-yeea-n94x-qqch	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:36:36.563537+00:00	Debian Importer	Fixing	VCID-jrxz-b168-7ug4	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:20:56.896221+00:00	Debian Importer	Fixing	VCID-rdwq-93d6-c7b4	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:18:18.100114+00:00	Debian Importer	Fixing	VCID-v3h9-1t69-v7a3	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T07:46:06.748483+00:00	Debian Importer	Fixing	VCID-yeea-n94x-qqch	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:10:12.874195+00:00	Debian Importer	Fixing	VCID-jrxz-b168-7ug4	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:14:42.020517+00:00	Debian Importer	Fixing	VCID-rdwq-93d6-c7b4	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:13:04.175814+00:00	Debian Importer	Fixing	VCID-v3h9-1t69-v7a3	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-02T17:11:29.813616+00:00	Debian Importer	Fixing	VCID-yeea-n94x-qqch	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:08:46.798916+00:00	Debian Importer	Fixing	VCID-jrxz-b168-7ug4	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:04:36.870911+00:00	Debian Importer	Fixing	VCID-rdwq-93d6-c7b4	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:04:30.349507+00:00	Debian Importer	Fixing	VCID-v3h9-1t69-v7a3	https://security-tracker.debian.org/tracker/data/json	38.1.0