VulnerableCode Package Details - pkg:rpm/redhat/ansible@2.6.20-1?arch=el7ae

Search for packages

Vulnerability	Summary	Fixed by
VCID-ckt2-us5z-pyef Aliases: CVE-2019-14856 GHSA-6fq2-x65v-v9h7 PYSEC-2019-146	ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None	There are no reported fixed by versions.
VCID-jnmu-c8dt-5yb6 Aliases: CVE-2019-14858 GHSA-h653-95qw-h2mp PYSEC-2019-171	A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name to the module will cause the task to fail before the no_log options in the sub parameters are processed. As a result, data in the sub parameter fields will not be masked and will be displayed if Ansible is run with increased verbosity and present in the module invocation arguments for the task.	There are no reported fixed by versions.
VCID-kb5h-116p-33b4 Aliases: CVE-2019-14846 GHSA-pm48-cvv2-29q5 PYSEC-2019-4	In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-ckt2-us5z-pyef
Aliases:
CVE-2019-14856
GHSA-6fq2-x65v-v9h7
PYSEC-2019-146

ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None

There are no reported fixed by versions.

VCID-jnmu-c8dt-5yb6
Aliases:
CVE-2019-14858
GHSA-h653-95qw-h2mp
PYSEC-2019-171

A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name to the module will cause the task to fail before the no_log options in the sub parameters are processed. As a result, data in the sub parameter fields will not be masked and will be displayed if Ansible is run with increased verbosity and present in the module invocation arguments for the task.

There are no reported fixed by versions.

VCID-kb5h-116p-33b4
Aliases:
CVE-2019-14846
GHSA-pm48-cvv2-29q5
PYSEC-2019-4

In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:15:52.733031+00:00	RedHat Importer	Affected by	VCID-ckt2-us5z-pyef	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14856.json	38.0.0
2026-04-01T14:15:52.641793+00:00	RedHat Importer	Affected by	VCID-kb5h-116p-33b4	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14846.json	38.0.0
2026-04-01T14:15:51.902681+00:00	RedHat Importer	Affected by	VCID-jnmu-c8dt-5yb6	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14858.json	38.0.0