Search for packages
| purl | pkg:pypi/ansible@0 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-ae1r-yq1g-rkem
Aliases: CVE-2020-1737 GHSA-893h-35v4-mxqx PYSEC-2020-9 |
A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal. This issue is fixed in 2.10. |
Affected by 23 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 38 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 29 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 29 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-axc3-wcsk-q3eg
Aliases: CVE-2021-3583 GHSA-2pfh-q76x-gwvm PYSEC-2021-358 |
A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity. |
Affected by 10 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 9 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 3 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-b8zs-br97-57av
Aliases: CVE-2020-1739 GHSA-923p-fr2c-g5m2 PYSEC-2020-11 |
A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs. |
Affected by 23 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 38 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 29 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 22 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 29 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 20 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-d4ka-dk4p-kfhb
Aliases: CVE-2019-14904 GHSA-gwr8-5j83-483c PYSEC-2020-161 |
A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected. |
Affected by 34 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 31 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 33 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 30 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 33 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 31 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-d7ez-s7qb-p3ay
Aliases: CVE-2020-1738 GHSA-f85h-23mf-2fwh PYSEC-2020-10 |
A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable. |
Affected by 23 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 38 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 29 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 22 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 29 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 20 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-fetz-42jf-nqe8
Aliases: CVE-2016-8647 GHSA-x4cm-m36h-c6qj PYSEC-2018-58 |
An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed. |
Affected by 39 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-hfxe-jjf5-nqd1
Aliases: CVE-2016-8614 GHSA-cmwx-9m2h-x7v4 PYSEC-2018-37 |
A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key. |
Affected by 41 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 0 other vulnerabilities. |
|
VCID-hqar-fca3-cbht
Aliases: CVE-2020-1733 GHSA-g4mq-6fp5-qwcf PYSEC-2020-5 |
A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with "umask 77 && mkdir -p <dir>"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating '/proc/<pid>/cmdline'. |
Affected by 23 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 30 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 22 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 29 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 20 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-kb5h-116p-33b4
Aliases: CVE-2019-14846 GHSA-pm48-cvv2-29q5 PYSEC-2019-4 |
In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process. |
Affected by 29 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 36 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 35 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 35 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-q4q1-aueh-sub2
Aliases: CVE-2016-8628 GHSA-jg4f-jqm5-4mgq PYSEC-2018-38 |
Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as. |
Affected by 41 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 0 other vulnerabilities. |
|
VCID-r6bb-p28b-8fcn
Aliases: CVE-2018-16859 GHSA-v735-2pp6-h86r PYSEC-2018-60 |
Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the plaintext password. Ansible Engine 2.8 and older are believed to be vulnerable. |
Affected by 37 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 36 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 39 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 38 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 45 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 44 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 44 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-rknj-nkgs-wyg2
Aliases: CVE-2018-16837 GHSA-hwrm-63v2-42g4 PYSEC-2018-44 |
Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those credentials in clear text form for every user which have access just to the process list. |
Affected by 44 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 37 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 39 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 45 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-wqm7-2ajr-6ue8
Aliases: CVE-2018-10874 GHSA-3xvg-x47j-x75w PYSEC-2018-81 |
In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result. |
Affected by 44 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 37 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 39 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 40 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-04T14:32:15.442383+00:00 | GHSA Importer | Affected by | VCID-kb5h-116p-33b4 | https://github.com/advisories/GHSA-pm48-cvv2-29q5 | 38.1.0 |
| 2026-04-04T14:30:26.016078+00:00 | GHSA Importer | Affected by | VCID-r6bb-p28b-8fcn | https://github.com/advisories/GHSA-v735-2pp6-h86r | 38.1.0 |
| 2026-04-04T14:30:04.577822+00:00 | GHSA Importer | Affected by | VCID-rknj-nkgs-wyg2 | https://github.com/advisories/GHSA-hwrm-63v2-42g4 | 38.1.0 |
| 2026-04-02T16:58:14.976965+00:00 | GHSA Importer | Affected by | VCID-axc3-wcsk-q3eg | https://github.com/advisories/GHSA-2pfh-q76x-gwvm | 38.1.0 |
| 2026-04-02T16:56:30.089904+00:00 | GHSA Importer | Affected by | VCID-hqar-fca3-cbht | https://github.com/advisories/GHSA-g4mq-6fp5-qwcf | 38.1.0 |
| 2026-04-02T16:56:29.886786+00:00 | GHSA Importer | Affected by | VCID-d4ka-dk4p-kfhb | https://github.com/advisories/GHSA-gwr8-5j83-483c | 38.1.0 |
| 2026-04-02T16:56:29.567224+00:00 | GHSA Importer | Affected by | VCID-ae1r-yq1g-rkem | https://github.com/advisories/GHSA-893h-35v4-mxqx | 38.1.0 |
| 2026-04-02T16:56:23.761462+00:00 | GHSA Importer | Affected by | VCID-b8zs-br97-57av | https://github.com/advisories/GHSA-923p-fr2c-g5m2 | 38.1.0 |
| 2026-04-01T16:00:55.654491+00:00 | GHSA Importer | Affected by | VCID-wqm7-2ajr-6ue8 | https://github.com/advisories/GHSA-3xvg-x47j-x75w | 38.0.0 |
| 2026-04-01T15:59:32.230713+00:00 | GHSA Importer | Affected by | VCID-d7ez-s7qb-p3ay | https://github.com/advisories/GHSA-f85h-23mf-2fwh | 38.0.0 |
| 2026-04-01T15:56:42.772324+00:00 | GHSA Importer | Affected by | VCID-fetz-42jf-nqe8 | https://github.com/advisories/GHSA-x4cm-m36h-c6qj | 38.0.0 |
| 2026-04-01T15:56:42.738826+00:00 | GHSA Importer | Affected by | VCID-hfxe-jjf5-nqd1 | https://github.com/advisories/GHSA-cmwx-9m2h-x7v4 | 38.0.0 |
| 2026-04-01T15:56:42.629815+00:00 | GHSA Importer | Affected by | VCID-q4q1-aueh-sub2 | https://github.com/advisories/GHSA-jg4f-jqm5-4mgq | 38.0.0 |