VulnerableCode Package Details - pkg:rpm/redhat/ansible-role-redhat-subscription@1.0.1-4?arch=el7ost

Search for packages

Vulnerability	Summary	Fixed by
VCID-5hwt-gkgx-jqb4 Aliases: CVE-2018-10855 GHSA-jwcc-j78w-j73w PYSEC-2018-42	Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.	There are no reported fixed by versions.
VCID-wqm7-2ajr-6ue8 Aliases: CVE-2018-10874 GHSA-3xvg-x47j-x75w PYSEC-2018-81	In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result.	There are no reported fixed by versions.
VCID-y91x-2rch-pkar Aliases: CVE-2018-10875 GHSA-fc4h-467w-46rh PYSEC-2018-43	A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-5hwt-gkgx-jqb4
Aliases:
CVE-2018-10855
GHSA-jwcc-j78w-j73w
PYSEC-2018-42

Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.

There are no reported fixed by versions.

VCID-wqm7-2ajr-6ue8
Aliases:
CVE-2018-10874
GHSA-3xvg-x47j-x75w
PYSEC-2018-81

In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result.

There are no reported fixed by versions.

VCID-y91x-2rch-pkar
Aliases:
CVE-2018-10875
GHSA-fc4h-467w-46rh
PYSEC-2018-43

A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:23:56.812017+00:00	RedHat Importer	Affected by	VCID-5hwt-gkgx-jqb4	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10855.json	38.0.0
2026-04-01T14:23:50.799720+00:00	RedHat Importer	Affected by	VCID-y91x-2rch-pkar	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10875.json	38.0.0
2026-04-01T14:23:50.635218+00:00	RedHat Importer	Affected by	VCID-wqm7-2ajr-6ue8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10874.json	38.0.0