VulnerableCode Package Details - pkg:rpm/redhat/ansible@2.6.19-1?arch=el7ae

Search for packages

Vulnerability	Summary	Fixed by
VCID-drt9-vx5r-akgm Aliases: CVE-2019-3828 GHSA-74vq-h4q8-x6jv PYSEC-2019-5	Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.	There are no reported fixed by versions.
VCID-swpr-3qae-d7fe Aliases: CVE-2019-10206 GHSA-cqmr-rcpr-cxh3 PYSEC-2019-145	ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them.	There are no reported fixed by versions.
VCID-x5e2-7whc-v3fc Aliases: CVE-2019-10156 GHSA-grgm-pph5-j5h7 PYSEC-2019-2	A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-drt9-vx5r-akgm
Aliases:
CVE-2019-3828
GHSA-74vq-h4q8-x6jv
PYSEC-2019-5

Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.

There are no reported fixed by versions.

VCID-swpr-3qae-d7fe
Aliases:
CVE-2019-10206
GHSA-cqmr-rcpr-cxh3
PYSEC-2019-145

ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them.

There are no reported fixed by versions.

VCID-x5e2-7whc-v3fc
Aliases:
CVE-2019-10156
GHSA-grgm-pph5-j5h7
PYSEC-2019-2

A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:20:55.898610+00:00	RedHat Importer	Affected by	VCID-drt9-vx5r-akgm	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3828.json	38.0.0
2026-04-01T14:19:02.910780+00:00	RedHat Importer	Affected by	VCID-x5e2-7whc-v3fc	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10156.json	38.0.0
2026-04-01T14:18:07.908381+00:00	RedHat Importer	Affected by	VCID-swpr-3qae-d7fe	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10206.json	38.0.0