VulnerableCode Package Details - pkg:rpm/redhat/ansible@2.8.15-1?arch=el8ae

Search for packages

Vulnerability	Summary	Fixed by
VCID-c1xg-s3kx-gkft Aliases: CVE-2020-1736 GHSA-x7jh-595q-wq82 PYSEC-2020-8	A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This could lead to the disclosure of sensitive data. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.	There are no reported fixed by versions.
VCID-jrxz-b168-7ug4 Aliases: CVE-2020-14365 GHSA-m429-fhmv-c6q2 PYSEC-2020-209	A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code executed via package installation scripts. The highest threat from this vulnerability is to integrity and system availability.	There are no reported fixed by versions.
VCID-v3h9-1t69-v7a3 Aliases: CVE-2020-14330 GHSA-785x-qw4v-6872 PYSEC-2020-3	An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.	There are no reported fixed by versions.
VCID-yeea-n94x-qqch Aliases: CVE-2020-14332 GHSA-j667-c2hm-f2wp PYSEC-2020-4	A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-c1xg-s3kx-gkft
Aliases:
CVE-2020-1736
GHSA-x7jh-595q-wq82
PYSEC-2020-8

A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This could lead to the disclosure of sensitive data. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.

There are no reported fixed by versions.

VCID-jrxz-b168-7ug4
Aliases:
CVE-2020-14365
GHSA-m429-fhmv-c6q2
PYSEC-2020-209

A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code executed via package installation scripts. The highest threat from this vulnerability is to integrity and system availability.

There are no reported fixed by versions.

VCID-v3h9-1t69-v7a3
Aliases:
CVE-2020-14330
GHSA-785x-qw4v-6872
PYSEC-2020-3

An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.

There are no reported fixed by versions.

VCID-yeea-n94x-qqch
Aliases:
CVE-2020-14332
GHSA-j667-c2hm-f2wp
PYSEC-2020-4

A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:12:30.152389+00:00	RedHat Importer	Affected by	VCID-c1xg-s3kx-gkft	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1736.json	38.0.0
2026-04-01T14:09:31.431313+00:00	RedHat Importer	Affected by	VCID-v3h9-1t69-v7a3	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14330.json	38.0.0
2026-04-01T14:05:42.627379+00:00	RedHat Importer	Affected by	VCID-yeea-n94x-qqch	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14332.json	38.0.0
2026-04-01T14:04:52.862348+00:00	RedHat Importer	Affected by	VCID-jrxz-b168-7ug4	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14365.json	38.0.0