{"url":"http://public2.vulnerablecode.io/api/packages/13919?format=json","purl":"pkg:pypi/ansible@2.6.0rc5","type":"pypi","namespace":"","name":"ansible","version":"2.6.0rc5","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.0.0","latest_non_vulnerable_version":"12.2.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35418?format=json","vulnerability_id":"VCID-1sty-hqbq-63hy","summary":"In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3201","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3201"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3202","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3202"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3203","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3203"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3207","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3207"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0756","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0756"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14846.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14846.json"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14846","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14846"},{"reference_url":"https://github.com/ansible/ansible/pull/63366","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/pull/63366"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1755373","reference_id":"1755373","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1755373"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942188","reference_id":"942188","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942188"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14846","reference_id":"CVE-2019-14846","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14846"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/14349?format=json","purl":"pkg:pypi/ansible@2.6.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.6.20"},{"url":"http://public2.vulnerablecode.io/api/packages/12520?format=json","purl":"pkg:pypi/ansible@2.7.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-7ben-361w-tkdr"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-qztj-r7zc-jue3"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.14"},{"url":"http://public2.vulnerablecode.io/api/packages/14350?format=json","purl":"pkg:pypi/ansible@2.8.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-7ben-361w-tkdr"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-qztj-r7zc-jue3"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.6"}],"aliases":["CVE-2019-14846","PYSEC-2019-4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1sty-hqbq-63hy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35532?format=json","vulnerability_id":"VCID-2z4k-r21v-rfgx","summary":"A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This could lead to the disclosure of sensitive data. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1736.json","reference_id":"","reference_type":"","scores":[{"value":"2.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1736.json"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1736","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1736"},{"reference_url":"https://github.com/advisories/GHSA-x7jh-595q-wq82","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-x7jh-595q-wq82"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/issues/67794","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/issues/67794"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-8.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-8.yaml"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7/"},{"reference_url":"https://security.gentoo.org/glsa/202006-11","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202006-11"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1802124","reference_id":"1802124","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1802124"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966663","reference_id":"966663","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966663"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1736","reference_id":"CVE-2020-1736","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1736"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3600","reference_id":"RHSA-2020:3600","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3600"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12523?format=json","purl":"pkg:pypi/ansible@2.7.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17"},{"url":"http://public2.vulnerablecode.io/api/packages/15003?format=json","purl":"pkg:pypi/ansible@2.8.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9"},{"url":"http://public2.vulnerablecode.io/api/packages/15004?format=json","purl":"pkg:pypi/ansible@2.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-ptg6-bwz8-pud8"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6"}],"aliases":["CVE-2020-1736","GHSA-x7jh-595q-wq82","PYSEC-2020-8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2z4k-r21v-rfgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35533?format=json","vulnerability_id":"VCID-7qnx-1gp2-v7bb","summary":"A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1735.json","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1735.json"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1735","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1735"},{"reference_url":"https://github.com/advisories/GHSA-gfr2-qpxh-qj9m","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gfr2-qpxh-qj9m"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes-7","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes-7"},{"reference_url":"https://github.com/ansible/ansible/commit/18f91bbb88a84b1d3614ef41c3550da735592ac1","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/18f91bbb88a84b1d3614ef41c3550da735592ac1"},{"reference_url":"https://github.com/ansible/ansible/commit/40969ff43812fabf5397f818d9e521f9b39c9c9a","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/40969ff43812fabf5397f818d9e521f9b39c9c9a"},{"reference_url":"https://github.com/ansible/ansible/commit/de9a4f5474c5f5db442ae7493d6b5da7177e335d","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/de9a4f5474c5f5db442ae7493d6b5da7177e335d"},{"reference_url":"https://github.com/ansible/ansible/issues/67793","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/issues/67793"},{"reference_url":"https://github.com/ansible/ansible/pull/69023","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/69023"},{"reference_url":"https://github.com/ansible/ansible/pull/69024","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/69024"},{"reference_url":"https://github.com/ansible/ansible/pull/69025","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/69025"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-7.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-7.yaml"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/"},{"reference_url":"https://security.gentoo.org/glsa/202006-11","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202006-11"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1802085","reference_id":"1802085","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1802085"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1735","reference_id":"CVE-2020-1735","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1735"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1541","reference_id":"RHSA-2020:1541","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1541"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1542","reference_id":"RHSA-2020:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1543","reference_id":"RHSA-2020:1543","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1543"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1544","reference_id":"RHSA-2020:1544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1544"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12523?format=json","purl":"pkg:pypi/ansible@2.7.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17"},{"url":"http://public2.vulnerablecode.io/api/packages/12524?format=json","purl":"pkg:pypi/ansible@2.7.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.18"},{"url":"http://public2.vulnerablecode.io/api/packages/15003?format=json","purl":"pkg:pypi/ansible@2.8.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9"},{"url":"http://public2.vulnerablecode.io/api/packages/15574?format=json","purl":"pkg:pypi/ansible@2.8.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.12"},{"url":"http://public2.vulnerablecode.io/api/packages/15004?format=json","purl":"pkg:pypi/ansible@2.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-ptg6-bwz8-pud8"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6"},{"url":"http://public2.vulnerablecode.io/api/packages/15575?format=json","purl":"pkg:pypi/ansible@2.9.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.8"}],"aliases":["CVE-2020-1735","GHSA-gfr2-qpxh-qj9m","PYSEC-2020-7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7qnx-1gp2-v7bb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35811?format=json","vulnerability_id":"VCID-833d-up6b-rfe1","summary":"A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords are exposed at once for the file. This flaw affects Ansible Engine versions before 2.9.6.","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1831089","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1831089"},{"reference_url":"https://github.com/advisories/GHSA-r6h7-5pq2-j77h","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r6h7-5pq2-j77h"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/blob/v2.9.6/changelogs/CHANGELOG-v2.9.rst","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/blob/v2.9.6/changelogs/CHANGELOG-v2.9.rst"},{"reference_url":"https://github.com/ansible/ansible/commit/c520d70bf4748c8ee6718a7d0d0254051ba1c2e9","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/c520d70bf4748c8ee6718a7d0d0254051ba1c2e9"},{"reference_url":"https://github.com/ansible/ansible/issues/34144","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/issues/34144"},{"reference_url":"https://github.com/ansible/ansible/pull/67429","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/67429"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-105.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-105.yaml"},{"reference_url":"https://www.debian.org/security/2021/dsa-4950","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2021/dsa-4950"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10729","reference_id":"CVE-2020-10729","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10729"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/15004?format=json","purl":"pkg:pypi/ansible@2.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-ptg6-bwz8-pud8"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6"}],"aliases":["CVE-2020-10729","GHSA-r6h7-5pq2-j77h","PYSEC-2021-105"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-833d-up6b-rfe1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35785?format=json","vulnerability_id":"VCID-8u2v-jtqe-dqg3","summary":"A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20228.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20228.json"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1925002","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1925002"},{"reference_url":"https://github.com/advisories/GHSA-5rrg-rr89-x9mv","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5rrg-rr89-x9mv"},{"reference_url":"https://github.com/ansible/ansible/pull/73487","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/pull/73487"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20228","reference_id":"CVE-2021-20228","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20228"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0663","reference_id":"RHSA-2021:0663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0663"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0664","reference_id":"RHSA-2021:0664","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0664"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1079","reference_id":"RHSA-2021:1079","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1079"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2180","reference_id":"RHSA-2021:2180","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2180"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/14786?format=json","purl":"pkg:pypi/ansible@2.9.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-7ben-361w-tkdr"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-ptg6-bwz8-pud8"},{"vulnerability":"VCID-qztj-r7zc-jue3"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.1"},{"url":"http://public2.vulnerablecode.io/api/packages/18265?format=json","purl":"pkg:pypi/ansible@2.9.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.19"}],"aliases":["CVE-2021-20228","GHSA-5rrg-rr89-x9mv","PYSEC-2021-1"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8u2v-jtqe-dqg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35653?format=json","vulnerability_id":"VCID-am9g-ba4h-sfhr","summary":"A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. This issue affects directly data confidentiality.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25635.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25635.json"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25635","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25635"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible-collections/community.aws/issues/222","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible-collections/community.aws/issues/222"},{"reference_url":"https://github.com/ansible-collections/community.aws/pull/237#issuecomment-1468591094","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible-collections/community.aws/pull/237#issuecomment-1468591094"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-220.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-220.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1880275","reference_id":"1880275","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1880275"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25635","reference_id":"CVE-2020-25635","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25635"},{"reference_url":"https://github.com/advisories/GHSA-f556-49jc-4rvc","reference_id":"GHSA-f556-49jc-4rvc","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-f556-49jc-4rvc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18528?format=json","purl":"pkg:pypi/ansible@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-t2da-uh4n-yya2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.1"}],"aliases":["CVE-2020-25635","GHSA-f556-49jc-4rvc","PYSEC-2020-220"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-am9g-ba4h-sfhr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35529?format=json","vulnerability_id":"VCID-cuq1-se5h-vygd","summary":"A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. Sensitive parameters such as passwords and tokens are passed to kubectl from the command line, not using an environment variable or an input configuration file. This will disclose passwords and tokens from process list and no_log directive from debug module would not have any effect making these secrets being disclosed on stdout and log files.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1753.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1753.json"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1753","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1753"},{"reference_url":"https://github.com/advisories/GHSA-86hp-cj9j-33vv","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-86hp-cj9j-33vv"},{"reference_url":"https://github.com/ansible/ansible/commit/04ba05e003b268b83df6c106ba5c0f08548b1380","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/04ba05e003b268b83df6c106ba5c0f08548b1380"},{"reference_url":"https://github.com/ansible/ansible/commit/137caed836ef096945086cfe75dc11587b68db3a","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/137caed836ef096945086cfe75dc11587b68db3a"},{"reference_url":"https://github.com/ansible/ansible/commit/273d8538dbe5a7b5c9954f1929d3bb00904c43f6","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/273d8538dbe5a7b5c9954f1929d3bb00904c43f6"},{"reference_url":"https://github.com/ansible/ansible/pull/68195","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/68195"},{"reference_url":"https://github.com/ansible-collections/kubernetes","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible-collections/kubernetes"},{"reference_url":"https://github.com/ansible-collections/kubernetes/pull/51","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible-collections/kubernetes/pull/51"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-210.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-210.yaml"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/"},{"reference_url":"https://security.gentoo.org/glsa/202006-11","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202006-11"},{"reference_url":"https://www.debian.org/security/2021/dsa-4950","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2021/dsa-4950"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1811008","reference_id":"1811008","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1811008"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1753","reference_id":"CVE-2020-1753","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1753"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1541","reference_id":"RHSA-2020:1541","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1541"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1542","reference_id":"RHSA-2020:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2142","reference_id":"RHSA-2020:2142","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2142"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12523?format=json","purl":"pkg:pypi/ansible@2.7.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17"},{"url":"http://public2.vulnerablecode.io/api/packages/12524?format=json","purl":"pkg:pypi/ansible@2.7.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.18"},{"url":"http://public2.vulnerablecode.io/api/packages/15003?format=json","purl":"pkg:pypi/ansible@2.8.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9"},{"url":"http://public2.vulnerablecode.io/api/packages/15098?format=json","purl":"pkg:pypi/ansible@2.8.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.11"},{"url":"http://public2.vulnerablecode.io/api/packages/15574?format=json","purl":"pkg:pypi/ansible@2.8.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.12"},{"url":"http://public2.vulnerablecode.io/api/packages/15004?format=json","purl":"pkg:pypi/ansible@2.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-ptg6-bwz8-pud8"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6"},{"url":"http://public2.vulnerablecode.io/api/packages/15099?format=json","purl":"pkg:pypi/ansible@2.9.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.7"}],"aliases":["CVE-2020-1753","GHSA-86hp-cj9j-33vv","PYSEC-2020-210"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cuq1-se5h-vygd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35530?format=json","vulnerability_id":"VCID-cxts-25nq-4fcs","summary":"A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes \"ansible-vault edit\", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1740.json","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1740.json"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1740","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1740"},{"reference_url":"https://github.com/advisories/GHSA-vcg8-98q8-g7mj","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vcg8-98q8-g7mj"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/commit/28f9fbdb5e281976e33f443193047068afb97a9b","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/28f9fbdb5e281976e33f443193047068afb97a9b"},{"reference_url":"https://github.com/ansible/ansible/commit/2a563514f070a0a8ba64aebf6bce21194be96c73","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/2a563514f070a0a8ba64aebf6bce21194be96c73"},{"reference_url":"https://github.com/ansible/ansible/commit/685a4b6d3ff72186d2b4ffce73172a5446a71ccc","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/685a4b6d3ff72186d2b4ffce73172a5446a71ccc"},{"reference_url":"https://github.com/ansible/ansible/commit/ef32a5bf96a89107986375516285253c1380d7ef","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/ef32a5bf96a89107986375516285253c1380d7ef"},{"reference_url":"https://github.com/ansible/ansible/issues/67798","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/issues/67798"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-12.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-12.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/"},{"reference_url":"https://security.gentoo.org/glsa/202006-11","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202006-11"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1802193","reference_id":"1802193","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1802193"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1740","reference_id":"CVE-2020-1740","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1740"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1541","reference_id":"RHSA-2020:1541","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1541"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1542","reference_id":"RHSA-2020:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1543","reference_id":"RHSA-2020:1543","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1543"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1544","reference_id":"RHSA-2020:1544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1544"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12523?format=json","purl":"pkg:pypi/ansible@2.7.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17"},{"url":"http://public2.vulnerablecode.io/api/packages/15003?format=json","purl":"pkg:pypi/ansible@2.8.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9"},{"url":"http://public2.vulnerablecode.io/api/packages/15098?format=json","purl":"pkg:pypi/ansible@2.8.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.11"},{"url":"http://public2.vulnerablecode.io/api/packages/15004?format=json","purl":"pkg:pypi/ansible@2.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-ptg6-bwz8-pud8"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6"},{"url":"http://public2.vulnerablecode.io/api/packages/15099?format=json","purl":"pkg:pypi/ansible@2.9.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.7"}],"aliases":["CVE-2020-1740","GHSA-vcg8-98q8-g7mj","PYSEC-2020-12"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cxts-25nq-4fcs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3444?format=json","vulnerability_id":"VCID-dkds-s3ad-cufa","summary":"information disclosure","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3620.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3620.json"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1975767","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1975767"},{"reference_url":"https://github.com/advisories/GHSA-4r65-35qq-ch8j","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4r65-35qq-ch8j"},{"reference_url":"https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes"},{"reference_url":"https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0"},{"reference_url":"https://security.archlinux.org/AVG-1941","reference_id":"AVG-1941","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1941"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3620","reference_id":"CVE-2021-3620","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3620"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3871","reference_id":"RHSA-2021:3871","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3871"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3872","reference_id":"RHSA-2021:3872","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3872"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3874","reference_id":"RHSA-2021:3874","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3874"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4703","reference_id":"RHSA-2021:4703","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4703"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4750","reference_id":"RHSA-2021:4750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4750"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18281?format=json","purl":"pkg:pypi/ansible@2.9.27","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.27"}],"aliases":["CVE-2021-3620","GHSA-4r65-35qq-ch8j","PYSEC-2022-164"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dkds-s3ad-cufa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7216?format=json","vulnerability_id":"VCID-gm99-68bj-c3cz","summary":"arbitrary command execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3583.json","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3583.json"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1968412","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1968412"},{"reference_url":"https://github.com/advisories/GHSA-2pfh-q76x-gwvm","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2pfh-q76x-gwvm"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/commit/03aff644cc1c00e1f7551195c68fbd0d13a39e6e","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/03aff644cc1c00e1f7551195c68fbd0d13a39e6e"},{"reference_url":"https://github.com/ansible/ansible/commit/8aa850e3573e48c9a2f12aef84e8a3a6f5ba4847","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/8aa850e3573e48c9a2f12aef84e8a3a6f5ba4847"},{"reference_url":"https://github.com/ansible/ansible/commit/8b17e5b9229ffaecfe10a4881bc3f87dd2c184e1","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/8b17e5b9229ffaecfe10a4881bc3f87dd2c184e1"},{"reference_url":"https://github.com/ansible/ansible/pull/74960","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/74960"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-358.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-358.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html"},{"reference_url":"https://security.archlinux.org/AVG-2260","reference_id":"AVG-2260","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2260"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3583","reference_id":"CVE-2021-3583","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3583"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2663","reference_id":"RHSA-2021:2663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2663"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2664","reference_id":"RHSA-2021:2664","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2664"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/140873?format=json","purl":"pkg:pypi/ansible@2.10.11rc1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.11rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/140874?format=json","purl":"pkg:pypi/ansible@2.11.2rc1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.11.2rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/18272?format=json","purl":"pkg:pypi/ansible@2.9.23rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.23rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/18273?format=json","purl":"pkg:pypi/ansible@2.9.23","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.23"}],"aliases":["CVE-2021-3583","GHSA-2pfh-q76x-gwvm","PYSEC-2021-358"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gm99-68bj-c3cz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35525?format=json","vulnerability_id":"VCID-gxw4-ydnj-fkfe","summary":"A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument \"password\" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1739.json","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1739.json"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1739","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1739"},{"reference_url":"https://github.com/advisories/GHSA-923p-fr2c-g5m2","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-923p-fr2c-g5m2"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/commit/1a89d4f059c21a818306a39ada7f5284ae125237","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/1a89d4f059c21a818306a39ada7f5284ae125237"},{"reference_url":"https://github.com/ansible/ansible/commit/6c74a298702c8bb5532b9600073312e08f39680f","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/6c74a298702c8bb5532b9600073312e08f39680f"},{"reference_url":"https://github.com/ansible/ansible/commit/c6c4fbf4a1fdea1e10ba94462a60c413990a16a4","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/c6c4fbf4a1fdea1e10ba94462a60c413990a16a4"},{"reference_url":"https://github.com/ansible/ansible/issues/67797","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/issues/67797"},{"reference_url":"https://github.com/ansible/ansible/pull/68911","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/68911"},{"reference_url":"https://github.com/ansible/ansible/pull/68912","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/68912"},{"reference_url":"https://github.com/ansible/ansible/pull/68913","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/68913"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-11.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-11.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/"},{"reference_url":"https://www.debian.org/security/2021/dsa-4950","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2021/dsa-4950"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1802178","reference_id":"1802178","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1802178"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1739","reference_id":"CVE-2020-1739","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1739"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1541","reference_id":"RHSA-2020:1541","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1541"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1542","reference_id":"RHSA-2020:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1543","reference_id":"RHSA-2020:1543","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1543"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1544","reference_id":"RHSA-2020:1544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1544"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12523?format=json","purl":"pkg:pypi/ansible@2.7.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17"},{"url":"http://public2.vulnerablecode.io/api/packages/15003?format=json","purl":"pkg:pypi/ansible@2.8.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9"},{"url":"http://public2.vulnerablecode.io/api/packages/15098?format=json","purl":"pkg:pypi/ansible@2.8.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.11"},{"url":"http://public2.vulnerablecode.io/api/packages/15004?format=json","purl":"pkg:pypi/ansible@2.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-ptg6-bwz8-pud8"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6"},{"url":"http://public2.vulnerablecode.io/api/packages/15099?format=json","purl":"pkg:pypi/ansible@2.9.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.7"}],"aliases":["CVE-2020-1739","GHSA-923p-fr2c-g5m2","PYSEC-2020-11"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gxw4-ydnj-fkfe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7307?format=json","vulnerability_id":"VCID-hjc4-jcfm-7be5","summary":"information disclosure","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1956477","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1956477"},{"reference_url":"https://security.archlinux.org/AVG-2056","reference_id":"AVG-2056","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2056"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3533","reference_id":"CVE-2021-3533","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3533"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22508?format=json","purl":"pkg:pypi/ansible@3.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@3.0.0"}],"aliases":["CVE-2021-3533","PYSEC-2021-126"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hjc4-jcfm-7be5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35520?format=json","vulnerability_id":"VCID-hq4d-92s2-vqg6","summary":"A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with \"umask 77 && mkdir -p <dir>\"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating '/proc/<pid>/cmdline'.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1733.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1733.json"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1733","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1733"},{"reference_url":"https://github.com/advisories/GHSA-g4mq-6fp5-qwcf","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g4mq-6fp5-qwcf"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/commit/80b9a0a25c5f75e84aefc8f2b293fb1933b154f2","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/80b9a0a25c5f75e84aefc8f2b293fb1933b154f2"},{"reference_url":"https://github.com/ansible/ansible/commit/8251d9f4c2bc82632ab992277fcd30ccbf87aa47","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/8251d9f4c2bc82632ab992277fcd30ccbf87aa47"},{"reference_url":"https://github.com/ansible/ansible/commit/ecf99d5e1ff732a7777010facd6c98bb0994605e","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/ecf99d5e1ff732a7777010facd6c98bb0994605e"},{"reference_url":"https://github.com/ansible/ansible/issues/67791","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/issues/67791"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-5.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-5.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/"},{"reference_url":"https://security.gentoo.org/glsa/202006-11","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202006-11"},{"reference_url":"https://www.debian.org/security/2021/dsa-4950","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2021/dsa-4950"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1801735","reference_id":"1801735","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1801735"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1733","reference_id":"CVE-2020-1733","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1733"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1541","reference_id":"RHSA-2020:1541","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1541"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1542","reference_id":"RHSA-2020:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1543","reference_id":"RHSA-2020:1543","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1543"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1544","reference_id":"RHSA-2020:1544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1544"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12523?format=json","purl":"pkg:pypi/ansible@2.7.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17"},{"url":"http://public2.vulnerablecode.io/api/packages/14998?format=json","purl":"pkg:pypi/ansible@2.8.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.8"},{"url":"http://public2.vulnerablecode.io/api/packages/15098?format=json","purl":"pkg:pypi/ansible@2.8.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.11"},{"url":"http://public2.vulnerablecode.io/api/packages/15004?format=json","purl":"pkg:pypi/ansible@2.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-ptg6-bwz8-pud8"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6"},{"url":"http://public2.vulnerablecode.io/api/packages/15099?format=json","purl":"pkg:pypi/ansible@2.9.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.7"}],"aliases":["CVE-2020-1733","GHSA-g4mq-6fp5-qwcf","PYSEC-2020-5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hq4d-92s2-vqg6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35391?format=json","vulnerability_id":"VCID-k8a2-5yfh-j7gp","summary":"A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3744","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3744"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3789","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3789"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10156","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10156"},{"reference_url":"https://github.com/advisories/GHSA-grgm-pph5-j5h7","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-grgm-pph5-j5h7"},{"reference_url":"https://github.com/ansible/ansible/pull/57188","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/pull/57188"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930065","reference_id":"930065","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930065"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10156","reference_id":"CVE-2019-10156","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10156"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/13923?format=json","purl":"pkg:pypi/ansible@2.6.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-frk2-9jfm-cybm"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-vxkb-9p6a-5yan"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.6.18"},{"url":"http://public2.vulnerablecode.io/api/packages/12518?format=json","purl":"pkg:pypi/ansible@2.7.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-7ben-361w-tkdr"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-frk2-9jfm-cybm"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-qztj-r7zc-jue3"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-vxkb-9p6a-5yan"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.12"},{"url":"http://public2.vulnerablecode.io/api/packages/13924?format=json","purl":"pkg:pypi/ansible@2.8.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-7ben-361w-tkdr"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-frk2-9jfm-cybm"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-qztj-r7zc-jue3"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-vxkb-9p6a-5yan"},{"vulnerability":"VCID-w1ap-atw2-qbc8"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.2"}],"aliases":["CVE-2019-10156","GHSA-grgm-pph5-j5h7","PYSEC-2019-2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k8a2-5yfh-j7gp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35519?format=json","vulnerability_id":"VCID-mbj9-3bnb-wbda","summary":"A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal. This issue is fixed in 2.10.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1737.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1737.json"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1737","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1737"},{"reference_url":"https://github.com/advisories/GHSA-893h-35v4-mxqx","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-893h-35v4-mxqx"},{"reference_url":"https://github.com/ansible/ansible/issues/67795","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/issues/67795"},{"reference_url":"https://github.com/ansible/ansible/pull/67799","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/67799"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-9.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-9.yaml"},{"reference_url":"https://github.com/samdoran/ansible","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/samdoran/ansible"},{"reference_url":"https://github.com/samdoran/ansible/commit/1de638b4d38d6d916588e2ad48d01f90dab8c36d","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/samdoran/ansible/commit/1de638b4d38d6d916588e2ad48d01f90dab8c36d"},{"reference_url":"https://github.com/samdoran/ansible/commit/aaf549d7870b8687209a3282841b59207735b676","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/samdoran/ansible/commit/aaf549d7870b8687209a3282841b59207735b676"},{"reference_url":"https://github.com/samdoran/ansible/commit/b60aa26e2313a8d52c0e0d3fd01696e797605b72","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/samdoran/ansible/commit/b60aa26e2313a8d52c0e0d3fd01696e797605b72"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/"},{"reference_url":"https://security.gentoo.org/glsa/202006-11","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202006-11"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1802154","reference_id":"1802154","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1802154"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1737","reference_id":"CVE-2020-1737","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1737"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1541","reference_id":"RHSA-2020:1541","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1541"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1542","reference_id":"RHSA-2020:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1543","reference_id":"RHSA-2020:1543","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1543"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1544","reference_id":"RHSA-2020:1544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1544"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12523?format=json","purl":"pkg:pypi/ansible@2.7.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17"},{"url":"http://public2.vulnerablecode.io/api/packages/15003?format=json","purl":"pkg:pypi/ansible@2.8.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9"},{"url":"http://public2.vulnerablecode.io/api/packages/15004?format=json","purl":"pkg:pypi/ansible@2.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-ptg6-bwz8-pud8"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6"}],"aliases":["CVE-2020-1737","GHSA-893h-35v4-mxqx","PYSEC-2020-9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mbj9-3bnb-wbda"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35809?format=json","vulnerability_id":"VCID-p4p5-29r5-8qh9","summary":"A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20191.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20191.json"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1916813","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1916813"},{"reference_url":"https://github.com/advisories/GHSA-8f4m-hccc-8qph","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8f4m-hccc-8qph"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/commit/cc82d986c40328d4ae81298a9d287c95a6326bb0","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/cc82d986c40328d4ae81298a9d287c95a6326bb0"},{"reference_url":"https://github.com/ansible/ansible/commit/d74a1b1d1325af2a24848044cf2858987f5a3ecc","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/d74a1b1d1325af2a24848044cf2858987f5a3ecc"},{"reference_url":"https://github.com/ansible/ansible/pull/73488","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/73488"},{"reference_url":"https://github.com/ansible/ansible/pull/73489","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/73489"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-124.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-124.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985753","reference_id":"985753","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985753"},{"reference_url":"https://access.redhat.com/security/cve/cve-2021-20191","reference_id":"CVE-2021-20191","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/cve-2021-20191"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20191","reference_id":"CVE-2021-20191","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20191"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0663","reference_id":"RHSA-2021:0663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0663"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0664","reference_id":"RHSA-2021:0664","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0664"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1079","reference_id":"RHSA-2021:1079","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1079"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2180","reference_id":"RHSA-2021:2180","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2180"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18243?format=json","purl":"pkg:pypi/ansible@2.8.19rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.19rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/18244?format=json","purl":"pkg:pypi/ansible@2.8.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.19"},{"url":"http://public2.vulnerablecode.io/api/packages/18262?format=json","purl":"pkg:pypi/ansible@2.9.18rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.18rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/18263?format=json","purl":"pkg:pypi/ansible@2.9.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.18"},{"url":"http://public2.vulnerablecode.io/api/packages/22088?format=json","purl":"pkg:pypi/ansible@2.10.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hjc4-jcfm-7be5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.7"}],"aliases":["CVE-2021-20191","GHSA-8f4m-hccc-8qph","PYSEC-2021-124"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p4p5-29r5-8qh9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35808?format=json","vulnerability_id":"VCID-pqj1-u787-g3aj","summary":"A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20178.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20178.json"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1914774","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1914774"},{"reference_url":"https://github.com/advisories/GHSA-wv5p-gmmv-wh9v","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wv5p-gmmv-wh9v"},{"reference_url":"https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes"},{"reference_url":"https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes,","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes,"},{"reference_url":"https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes%2C","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes%2C"},{"reference_url":"https://github.com/ansible-collections/community.general/commit/1d0c5e2ba47724c31a18d7b08b9daf13df8829dc","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible-collections/community.general/commit/1d0c5e2ba47724c31a18d7b08b9daf13df8829dc"},{"reference_url":"https://github.com/ansible-collections/community.general/pull/1635","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible-collections/community.general/pull/1635"},{"reference_url":"https://github.com/ansible-collections/community.general/pull/1635,","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible-collections/community.general/pull/1635,"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-106.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-106.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985753","reference_id":"985753","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985753"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20178","reference_id":"CVE-2021-20178","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20178"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0663","reference_id":"RHSA-2021:0663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0663"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0664","reference_id":"RHSA-2021:0664","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0664"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1079","reference_id":"RHSA-2021:1079","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1079"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2180","reference_id":"RHSA-2021:2180","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2180"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18263?format=json","purl":"pkg:pypi/ansible@2.9.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.18"}],"aliases":["CVE-2021-20178","GHSA-wv5p-gmmv-wh9v","PYSEC-2021-106"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pqj1-u787-g3aj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35531?format=json","vulnerability_id":"VCID-subj-aje2-93bk","summary":"A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1738.json","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1738.json"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1738","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1738"},{"reference_url":"https://github.com/advisories/GHSA-f85h-23mf-2fwh","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-f85h-23mf-2fwh"},{"reference_url":"https://github.com/ansible/ansible/issues/67796","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/issues/67796"},{"reference_url":"https://security.gentoo.org/glsa/202006-11","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202006-11"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1802164","reference_id":"1802164","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1802164"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1738","reference_id":"CVE-2020-1738","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1738"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12523?format=json","purl":"pkg:pypi/ansible@2.7.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17"},{"url":"http://public2.vulnerablecode.io/api/packages/15003?format=json","purl":"pkg:pypi/ansible@2.8.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9"},{"url":"http://public2.vulnerablecode.io/api/packages/15004?format=json","purl":"pkg:pypi/ansible@2.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-ptg6-bwz8-pud8"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6"}],"aliases":["CVE-2020-1738","GHSA-f85h-23mf-2fwh","PYSEC-2020-10"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-subj-aje2-93bk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35617?format=json","vulnerability_id":"VCID-vhxq-1hqq-77bx","summary":"An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14330.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14330.json"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14330","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14330"},{"reference_url":"https://github.com/advisories/GHSA-785x-qw4v-6872","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-785x-qw4v-6872"},{"reference_url":"https://github.com/ansible/ansible/issues/68400","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/issues/68400"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1856815","reference_id":"1856815","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1856815"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14330","reference_id":"CVE-2020-14330","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14330"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3600","reference_id":"RHSA-2020:3600","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3600"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18235?format=json","purl":"pkg:pypi/ansible@2.9.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.12"},{"url":"http://public2.vulnerablecode.io/api/packages/18294?format=json","purl":"pkg:pypi/ansible@2.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.0"}],"aliases":["CVE-2020-14330","GHSA-785x-qw4v-6872","PYSEC-2020-3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vhxq-1hqq-77bx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35607?format=json","vulnerability_id":"VCID-vsv2-4d8c-m3g1","summary":"A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14904.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14904.json"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1776944","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1776944"},{"reference_url":"https://github.com/advisories/GHSA-gwr8-5j83-483c","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gwr8-5j83-483c"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/commit/589a415f887b6f2bb65cd07fe6b2e9d0a8156b69","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/589a415f887b6f2bb65cd07fe6b2e9d0a8156b69"},{"reference_url":"https://github.com/ansible/ansible/commit/6a86650109b8654f5898369e45d3857624edf907","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/6a86650109b8654f5898369e45d3857624edf907"},{"reference_url":"https://github.com/ansible/ansible/commit/a1b0f72c98b4b2afaab8aafa255e82c2075049c8","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/a1b0f72c98b4b2afaab8aafa255e82c2075049c8"},{"reference_url":"https://github.com/ansible/ansible/pull/65686","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/65686"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-161.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-161.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html"},{"reference_url":"https://www.debian.org/security/2021/dsa-4950","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2021/dsa-4950"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14904","reference_id":"CVE-2019-14904","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14904"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0215","reference_id":"RHSA-2020:0215","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0215"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0217","reference_id":"RHSA-2020:0217","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0217"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12521?format=json","purl":"pkg:pypi/ansible@2.7.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-7ben-361w-tkdr"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-qztj-r7zc-jue3"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.15"},{"url":"http://public2.vulnerablecode.io/api/packages/12522?format=json","purl":"pkg:pypi/ansible@2.7.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.16"},{"url":"http://public2.vulnerablecode.io/api/packages/14785?format=json","purl":"pkg:pypi/ansible@2.8.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-7ben-361w-tkdr"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-qztj-r7zc-jue3"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.7"},{"url":"http://public2.vulnerablecode.io/api/packages/14998?format=json","purl":"pkg:pypi/ansible@2.8.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.8"},{"url":"http://public2.vulnerablecode.io/api/packages/14999?format=json","purl":"pkg:pypi/ansible@2.9.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-ptg6-bwz8-pud8"},{"vulnerability":"VCID-qztj-r7zc-jue3"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.2"},{"url":"http://public2.vulnerablecode.io/api/packages/15000?format=json","purl":"pkg:pypi/ansible@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-ptg6-bwz8-pud8"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.3"}],"aliases":["CVE-2019-14904","GHSA-gwr8-5j83-483c","PYSEC-2020-161"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vsv2-4d8c-m3g1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35516?format=json","vulnerability_id":"VCID-x4mr-vrp9-ufg6","summary":"A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.","references":[{"reference_url":"https://access.redhat.com/errata/RHBA-2020:0547","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHBA-2020:0547"},{"reference_url":"https://access.redhat.com/errata/RHBA-2020:1539","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHBA-2020:1539"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1734.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1734.json"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1801804","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1801804"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1734","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1734"},{"reference_url":"https://github.com/advisories/GHSA-h39q-95q5-9jfp","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-h39q-95q5-9jfp"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/commit/4f978af4ca16ad9828ffe42203b9615425195f8b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/commit/4f978af4ca16ad9828ffe42203b9615425195f8b"},{"reference_url":"https://github.com/ansible/ansible/commit/963bdd9983b91a48fb6949fb2ef41071e72d0be0","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/commit/963bdd9983b91a48fb6949fb2ef41071e72d0be0"},{"reference_url":"https://github.com/ansible/ansible/commit/bff0724e9eab2770f874e018298f9ab74cc2a78f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/commit/bff0724e9eab2770f874e018298f9ab74cc2a78f"},{"reference_url":"https://github.com/ansible/ansible/commit/e5649ca3e807f17e7c034ee22791f107162973b0","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/commit/e5649ca3e807f17e7c034ee22791f107162973b0"},{"reference_url":"https://github.com/ansible/ansible/issues/67792","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/issues/67792"},{"reference_url":"https://github.com/ansible/ansible/issues/70159","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/issues/70159"},{"reference_url":"https://github.com/ansible/ansible/pull/70596","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/pull/70596"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-6.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-6.yaml"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2020-1734","reference_id":"CVE-2020-1734","reference_type":"","scores":[],"url":"https://access.redhat.com/security/cve/CVE-2020-1734"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1734","reference_id":"CVE-2020-1734","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1734"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12523?format=json","purl":"pkg:pypi/ansible@2.7.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17"},{"url":"http://public2.vulnerablecode.io/api/packages/15577?format=json","purl":"pkg:pypi/ansible@2.8.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.13"},{"url":"http://public2.vulnerablecode.io/api/packages/18233?format=json","purl":"pkg:pypi/ansible@2.9.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.11"},{"url":"http://public2.vulnerablecode.io/api/packages/18293?format=json","purl":"pkg:pypi/ansible@2.10.0rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.0rc1"}],"aliases":["CVE-2020-1734","GHSA-h39q-95q5-9jfp","PYSEC-2020-6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x4mr-vrp9-ufg6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35423?format=json","vulnerability_id":"VCID-ykkx-swgs-vybn","summary":"A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name to the module will cause the task to fail before the no_log options in the sub parameters are processed. As a result, data in the sub parameter fields will not be masked and will be displayed if Ansible is run with increased verbosity and present in the module invocation arguments for the task.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3201","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3201"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3202","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3202"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3203","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3203"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3207","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3207"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0756","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0756"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14858.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14858.json"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14858","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14858"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1760593","reference_id":"1760593","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1760593"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942332","reference_id":"942332","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942332"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12532?format=json","purl":"pkg:pypi/ansible@2.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-7ben-361w-tkdr"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-frk2-9jfm-cybm"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-qztj-r7zc-jue3"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-vxkb-9p6a-5yan"},{"vulnerability":"VCID-w1ap-atw2-qbc8"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.1"}],"aliases":["CVE-2019-14858","PYSEC-2019-171"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ykkx-swgs-vybn"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.6.0rc5"}