Search for packages
| purl | pkg:pypi/ansible@2.0 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-3jh2-znva-2bb6
Aliases: CVE-2018-7750 GHSA-232r-66cg-79px PYSEC-2018-19 |
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step. |
Affected by 44 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 39 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-4yvf-k192-9fca
Aliases: CVE-2021-3533 PYSEC-2021-126 |
A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory. When this occurs, there is a race condition on the managed machine. A malicious, non-privileged account on the remote machine can exploit the race condition to access the async result data. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2. |
Affected by 44 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 2 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-e3z2-ydhb-gqfg
Aliases: CVE-2021-20228 GHSA-5rrg-rr89-x9mv PYSEC-2021-1 |
A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality. |
Affected by 44 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 17 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 35 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 15 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 11 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 10 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 0 other vulnerabilities. Affected by 6 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-jnmu-c8dt-5yb6
Aliases: CVE-2019-14858 GHSA-h653-95qw-h2mp PYSEC-2019-171 |
A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name to the module will cause the task to fail before the no_log options in the sub parameters are processed. As a result, data in the sub parameter fields will not be masked and will be displayed if Ansible is run with increased verbosity and present in the module invocation arguments for the task. |
Affected by 29 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 36 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 44 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 35 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 34 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-kb5h-116p-33b4
Aliases: CVE-2019-14846 GHSA-pm48-cvv2-29q5 PYSEC-2019-4 |
In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process. |
Affected by 29 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 36 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 35 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 35 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-rknj-nkgs-wyg2
Aliases: CVE-2018-16837 GHSA-hwrm-63v2-42g4 PYSEC-2018-44 |
Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those credentials in clear text form for every user which have access just to the process list. |
Affected by 44 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 37 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 39 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 45 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-wqm7-2ajr-6ue8
Aliases: CVE-2018-10874 GHSA-3xvg-x47j-x75w PYSEC-2018-81 |
In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result. |
Affected by 44 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 37 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 39 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 40 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-y91x-2rch-pkar
Aliases: CVE-2018-10875 GHSA-fc4h-467w-46rh PYSEC-2018-43 |
A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code. |
Affected by 44 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 37 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 39 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 40 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||