{"url":"http://public2.vulnerablecode.io/api/packages/18248?format=json","purl":"pkg:pypi/ansible@2.9.0rc1","type":"pypi","namespace":"","name":"ansible","version":"2.9.0rc1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.10.1rc2","latest_non_vulnerable_version":"12.2.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35623?format=json","vulnerability_id":"VCID-5t77-f231-6ffg","summary":"A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code executed via package installation scripts. The highest threat from this vulnerability is to integrity and system availability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14365.json","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14365.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14365","reference_id":"","reference_type":"","scores":[{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21683","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14365"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1869154","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1869154"},{"reference_url":"https://github.com/advisories/GHSA-m429-fhmv-c6q2","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m429-fhmv-c6q2"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/commit/1d043e082b3b1f3ad35c803137f5d3bcbae92275","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/1d043e082b3b1f3ad35c803137f5d3bcbae92275"},{"reference_url":"https://github.com/ansible/ansible/commit/1fa2d5fd6b768120b76a77929e27302b06accc0c","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/1fa2d5fd6b768120b76a77929e27302b06accc0c"},{"reference_url":"https://github.com/ansible/ansible/commit/9bea33ffa3be3d64827f59882d95b817cfab9b7e","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/9bea33ffa3be3d64827f59882d95b817cfab9b7e"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-209.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-209.yaml"},{"reference_url":"https://www.debian.org/security/2021/dsa-4950","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2021/dsa-4950"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14365","reference_id":"CVE-2020-14365","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14365"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3600","reference_id":"RHSA-2020:3600","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3600"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3601","reference_id":"RHSA-2020:3601","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3601"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3602","reference_id":"RHSA-2020:3602","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3602"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18253?format=json","purl":"pkg:pypi/ansible@2.9.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.13"},{"url":"http://public2.vulnerablecode.io/api/packages/18254?format=json","purl":"pkg:pypi/ansible@2.9.14rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.14rc1"}],"aliases":["CVE-2020-14365","GHSA-m429-fhmv-c6q2","PYSEC-2020-209"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5t77-f231-6ffg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35558?format=json","vulnerability_id":"VCID-78m2-3fj5-tbh1","summary":"A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1746.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1746.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1746","reference_id":"","reference_type":"","scores":[{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30013","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1746"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1746","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1746"},{"reference_url":"https://github.com/advisories/GHSA-j2h6-73x8-22c4","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j2h6-73x8-22c4"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/commit/d41e38435b1a9e300d8011ac28f16a5add2db119","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/d41e38435b1a9e300d8011ac28f16a5add2db119"},{"reference_url":"https://github.com/ansible/ansible/commit/e6199d768c1c18a4e750ec78d4ded088629baa3f","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/e6199d768c1c18a4e750ec78d4ded088629baa3f"},{"reference_url":"https://github.com/ansible/ansible/commit/edd1e1723cc937ec9251adf38c1199a00b0bf6d4","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/edd1e1723cc937ec9251adf38c1199a00b0bf6d4"},{"reference_url":"https://github.com/ansible/ansible/pull/67866","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/67866"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-13.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-13.yaml"},{"reference_url":"https://www.debian.org/security/2021/dsa-4950","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2021/dsa-4950"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1805491","reference_id":"1805491","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1805491"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1746","reference_id":"CVE-2020-1746","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1541","reference_id":"RHSA-2020:1541","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1541"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1542","reference_id":"RHSA-2020:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1543","reference_id":"RHSA-2020:1543","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1543"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1544","reference_id":"RHSA-2020:1544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1544"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/15099?format=json","purl":"pkg:pypi/ansible@2.9.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.7"}],"aliases":["CVE-2020-1746","GHSA-j2h6-73x8-22c4","PYSEC-2020-13"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-78m2-3fj5-tbh1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35811?format=json","vulnerability_id":"VCID-833d-up6b-rfe1","summary":"A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords are exposed at once for the file. This flaw affects Ansible Engine versions before 2.9.6.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10729.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10729.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10729","reference_id":"","reference_type":"","scores":[{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20032","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10729"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1831089","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1831089"},{"reference_url":"https://github.com/advisories/GHSA-r6h7-5pq2-j77h","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r6h7-5pq2-j77h"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/blob/v2.9.6/changelogs/CHANGELOG-v2.9.rst","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/blob/v2.9.6/changelogs/CHANGELOG-v2.9.rst"},{"reference_url":"https://github.com/ansible/ansible/commit/c520d70bf4748c8ee6718a7d0d0254051ba1c2e9","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/c520d70bf4748c8ee6718a7d0d0254051ba1c2e9"},{"reference_url":"https://github.com/ansible/ansible/issues/34144","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/issues/34144"},{"reference_url":"https://github.com/ansible/ansible/pull/67429","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/67429"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-105.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-105.yaml"},{"reference_url":"https://www.debian.org/security/2021/dsa-4950","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2021/dsa-4950"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10729","reference_id":"CVE-2020-10729","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10729"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/15004?format=json","purl":"pkg:pypi/ansible@2.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-ptg6-bwz8-pud8"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6"}],"aliases":["CVE-2020-10729","GHSA-r6h7-5pq2-j77h","PYSEC-2021-105"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-833d-up6b-rfe1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35785?format=json","vulnerability_id":"VCID-8u2v-jtqe-dqg3","summary":"A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20228.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20228.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20228","reference_id":"","reference_type":"","scores":[{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47765","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20228"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1925002","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1925002"},{"reference_url":"https://github.com/advisories/GHSA-5rrg-rr89-x9mv","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5rrg-rr89-x9mv"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/commit/49ebd509df9de1c1fc1bcee00e79a835dd00662c","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/49ebd509df9de1c1fc1bcee00e79a835dd00662c"},{"reference_url":"https://github.com/ansible/ansible/commit/e41d1f0a3fd6c466192e7e24accd3d1c6501111b","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/e41d1f0a3fd6c466192e7e24accd3d1c6501111b"},{"reference_url":"https://github.com/ansible/ansible/commit/f8ff395d817c3eddc050f809919c15dfb5796120","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/f8ff395d817c3eddc050f809919c15dfb5796120"},{"reference_url":"https://github.com/ansible/ansible/pull/73487","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/73487"},{"reference_url":"https://github.com/ansible/ansible/pull/73492","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/73492"},{"reference_url":"https://github.com/ansible/ansible/pull/73493","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/73493"},{"reference_url":"https://github.com/ansible/ansible/pull/73494","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/73494"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-1.yaml"},{"reference_url":"https://www.debian.org/security/2021/dsa-4950","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2021/dsa-4950"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20228","reference_id":"CVE-2021-20228","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20228"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0663","reference_id":"RHSA-2021:0663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0663"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0664","reference_id":"RHSA-2021:0664","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0664"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1079","reference_id":"RHSA-2021:1079","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1079"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2180","reference_id":"RHSA-2021:2180","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2180"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/14786?format=json","purl":"pkg:pypi/ansible@2.9.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-7ben-361w-tkdr"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-ptg6-bwz8-pud8"},{"vulnerability":"VCID-qztj-r7zc-jue3"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.1"},{"url":"http://public2.vulnerablecode.io/api/packages/18262?format=json","purl":"pkg:pypi/ansible@2.9.18rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.18rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/18264?format=json","purl":"pkg:pypi/ansible@2.9.19rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.19rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/18265?format=json","purl":"pkg:pypi/ansible@2.9.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.19"},{"url":"http://public2.vulnerablecode.io/api/packages/151620?format=json","purl":"pkg:pypi/ansible@2.10.6rc1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.6rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/22087?format=json","purl":"pkg:pypi/ansible@2.10.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.6"}],"aliases":["CVE-2021-20228","GHSA-5rrg-rr89-x9mv","PYSEC-2021-1"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8u2v-jtqe-dqg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35653?format=json","vulnerability_id":"VCID-am9g-ba4h-sfhr","summary":"A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. This issue affects directly data confidentiality.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25635.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25635.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25635","reference_id":"","reference_type":"","scores":[{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23595","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25635"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25635","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25635"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible-collections/community.aws/issues/222","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible-collections/community.aws/issues/222"},{"reference_url":"https://github.com/ansible-collections/community.aws/pull/237#issuecomment-1468591094","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible-collections/community.aws/pull/237#issuecomment-1468591094"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-220.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-220.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1880275","reference_id":"1880275","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1880275"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25635","reference_id":"CVE-2020-25635","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25635"},{"reference_url":"https://github.com/advisories/GHSA-f556-49jc-4rvc","reference_id":"GHSA-f556-49jc-4rvc","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-f556-49jc-4rvc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18528?format=json","purl":"pkg:pypi/ansible@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-t2da-uh4n-yya2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.1"}],"aliases":["CVE-2020-25635","GHSA-f556-49jc-4rvc","PYSEC-2020-220"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-am9g-ba4h-sfhr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3444?format=json","vulnerability_id":"VCID-dkds-s3ad-cufa","summary":"information disclosure","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3620.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3620.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2021-3620","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2021-3620"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3620","reference_id":"","reference_type":"","scores":[{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52707","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3620"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1975767","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1975767"},{"reference_url":"https://github.com/advisories/GHSA-4r65-35qq-ch8j","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4r65-35qq-ch8j"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes"},{"reference_url":"https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2022-164.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2022-164.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html"},{"reference_url":"https://security.archlinux.org/AVG-1941","reference_id":"AVG-1941","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1941"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3620","reference_id":"CVE-2021-3620","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3620"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3871","reference_id":"RHSA-2021:3871","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2021:3871"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3872","reference_id":"RHSA-2021:3872","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2021:3872"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3874","reference_id":"RHSA-2021:3874","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2021:3874"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4703","reference_id":"RHSA-2021:4703","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2021:4703"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4750","reference_id":"RHSA-2021:4750","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2021:4750"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18281?format=json","purl":"pkg:pypi/ansible@2.9.27","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.27"}],"aliases":["CVE-2021-3620","GHSA-4r65-35qq-ch8j","PYSEC-2022-164"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dkds-s3ad-cufa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35538?format=json","vulnerability_id":"VCID-etb4-2qch-6kgw","summary":"A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker could take advantage of this by altering the ansible_facts, such as ansible_hosts, users and any other key data which would lead into privilege escalation or code injection.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10684.json","reference_id":"","reference_type":"","scores":[{"value":"7.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10684.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10684","reference_id":"","reference_type":"","scores":[{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08691","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10684"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10684","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10684"},{"reference_url":"https://github.com/advisories/GHSA-p62g-jhg6-v3rq","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p62g-jhg6-v3rq"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/commit/0b4788a71fc7d24ffa957a94ee5e23d6a9733ab0","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/0b4788a71fc7d24ffa957a94ee5e23d6a9733ab0"},{"reference_url":"https://github.com/ansible/ansible/commit/1d0d2645eed36ac4e17052ab4eacf240132d96fb","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/1d0d2645eed36ac4e17052ab4eacf240132d96fb"},{"reference_url":"https://github.com/ansible/ansible/commit/5eabf7bb93c9bfc375b806a2b1f623d650cddc2b","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/5eabf7bb93c9bfc375b806a2b1f623d650cddc2b"},{"reference_url":"https://github.com/ansible/ansible/commit/a9d2ceafe429171c0e2ad007058b88bae57c74ce","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/a9d2ceafe429171c0e2ad007058b88bae57c74ce"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-207.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-207.yaml"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/"},{"reference_url":"https://security.gentoo.org/glsa/202006-11","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202006-11"},{"reference_url":"https://www.debian.org/security/2021/dsa-4950","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2021/dsa-4950"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1815519","reference_id":"1815519","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1815519"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10684","reference_id":"CVE-2020-10684","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10684"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1541","reference_id":"RHSA-2020:1541","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1541"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1542","reference_id":"RHSA-2020:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1543","reference_id":"RHSA-2020:1543","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1543"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1544","reference_id":"RHSA-2020:1544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1544"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/15004?format=json","purl":"pkg:pypi/ansible@2.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-ptg6-bwz8-pud8"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6"},{"url":"http://public2.vulnerablecode.io/api/packages/15099?format=json","purl":"pkg:pypi/ansible@2.9.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.7"}],"aliases":["CVE-2020-10684","GHSA-p62g-jhg6-v3rq","PYSEC-2020-207"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-etb4-2qch-6kgw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7216?format=json","vulnerability_id":"VCID-gm99-68bj-c3cz","summary":"arbitrary command execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3583.json","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3583.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3583","reference_id":"","reference_type":"","scores":[{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51238","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3583"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1968412","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1968412"},{"reference_url":"https://github.com/advisories/GHSA-2pfh-q76x-gwvm","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2pfh-q76x-gwvm"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/commit/03aff644cc1c00e1f7551195c68fbd0d13a39e6e","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/03aff644cc1c00e1f7551195c68fbd0d13a39e6e"},{"reference_url":"https://github.com/ansible/ansible/commit/8aa850e3573e48c9a2f12aef84e8a3a6f5ba4847","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/8aa850e3573e48c9a2f12aef84e8a3a6f5ba4847"},{"reference_url":"https://github.com/ansible/ansible/commit/8b17e5b9229ffaecfe10a4881bc3f87dd2c184e1","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/8b17e5b9229ffaecfe10a4881bc3f87dd2c184e1"},{"reference_url":"https://github.com/ansible/ansible/pull/74960","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/74960"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-358.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-358.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html"},{"reference_url":"https://security.archlinux.org/AVG-2260","reference_id":"AVG-2260","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2260"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3583","reference_id":"CVE-2021-3583","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3583"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2663","reference_id":"RHSA-2021:2663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2663"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2664","reference_id":"RHSA-2021:2664","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2664"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18272?format=json","purl":"pkg:pypi/ansible@2.9.23rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.23rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/18273?format=json","purl":"pkg:pypi/ansible@2.9.23","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.23"},{"url":"http://public2.vulnerablecode.io/api/packages/140873?format=json","purl":"pkg:pypi/ansible@2.10.11rc1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.11rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/140874?format=json","purl":"pkg:pypi/ansible@2.11.2rc1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.11.2rc1"}],"aliases":["CVE-2021-3583","GHSA-2pfh-q76x-gwvm","PYSEC-2021-358"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gm99-68bj-c3cz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7307?format=json","vulnerability_id":"VCID-hjc4-jcfm-7be5","summary":"information disclosure","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1956477","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1956477"},{"reference_url":"https://security.archlinux.org/AVG-2056","reference_id":"AVG-2056","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2056"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3533","reference_id":"CVE-2021-3533","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3533"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22508?format=json","purl":"pkg:pypi/ansible@3.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@3.0.0"}],"aliases":["CVE-2021-3533","PYSEC-2021-126"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hjc4-jcfm-7be5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35520?format=json","vulnerability_id":"VCID-hq4d-92s2-vqg6","summary":"A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with \"umask 77 && mkdir -p <dir>\"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating '/proc/<pid>/cmdline'.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1733.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1733.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1733","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07997","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1733"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1733","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1733"},{"reference_url":"https://github.com/advisories/GHSA-g4mq-6fp5-qwcf","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g4mq-6fp5-qwcf"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/commit/80b9a0a25c5f75e84aefc8f2b293fb1933b154f2","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/80b9a0a25c5f75e84aefc8f2b293fb1933b154f2"},{"reference_url":"https://github.com/ansible/ansible/commit/8251d9f4c2bc82632ab992277fcd30ccbf87aa47","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/8251d9f4c2bc82632ab992277fcd30ccbf87aa47"},{"reference_url":"https://github.com/ansible/ansible/commit/ecf99d5e1ff732a7777010facd6c98bb0994605e","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/ecf99d5e1ff732a7777010facd6c98bb0994605e"},{"reference_url":"https://github.com/ansible/ansible/issues/67791","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/issues/67791"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-5.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-5.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/"},{"reference_url":"https://security.gentoo.org/glsa/202006-11","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202006-11"},{"reference_url":"https://www.debian.org/security/2021/dsa-4950","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2021/dsa-4950"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1801735","reference_id":"1801735","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1801735"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1733","reference_id":"CVE-2020-1733","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1733"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1541","reference_id":"RHSA-2020:1541","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1541"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1542","reference_id":"RHSA-2020:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1543","reference_id":"RHSA-2020:1543","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1543"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1544","reference_id":"RHSA-2020:1544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1544"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/15004?format=json","purl":"pkg:pypi/ansible@2.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-ptg6-bwz8-pud8"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6"},{"url":"http://public2.vulnerablecode.io/api/packages/15099?format=json","purl":"pkg:pypi/ansible@2.9.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.7"}],"aliases":["CVE-2020-1733","GHSA-g4mq-6fp5-qwcf","PYSEC-2020-5"],"risk_score":2.2,"exploitability":"0.5","weighted_severity":"4.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hq4d-92s2-vqg6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35808?format=json","vulnerability_id":"VCID-pqj1-u787-g3aj","summary":"A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20178.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20178.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20178","reference_id":"","reference_type":"","scores":[{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08367","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20178"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1914774","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1914774"},{"reference_url":"https://github.com/advisories/GHSA-wv5p-gmmv-wh9v","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wv5p-gmmv-wh9v"},{"reference_url":"https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes"},{"reference_url":"https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes,","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes,"},{"reference_url":"https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes%2C","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes%2C"},{"reference_url":"https://github.com/ansible-collections/community.general/commit/1d0c5e2ba47724c31a18d7b08b9daf13df8829dc","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible-collections/community.general/commit/1d0c5e2ba47724c31a18d7b08b9daf13df8829dc"},{"reference_url":"https://github.com/ansible-collections/community.general/pull/1635","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible-collections/community.general/pull/1635"},{"reference_url":"https://github.com/ansible-collections/community.general/pull/1635,","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible-collections/community.general/pull/1635,"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-106.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-106.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985753","reference_id":"985753","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985753"},{"reference_url":"https://security.archlinux.org/ASA-202102-9","reference_id":"ASA-202102-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202102-9"},{"reference_url":"https://security.archlinux.org/AVG-1437","reference_id":"AVG-1437","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1437"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20178","reference_id":"CVE-2021-20178","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20178"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0663","reference_id":"RHSA-2021:0663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0663"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0664","reference_id":"RHSA-2021:0664","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0664"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1079","reference_id":"RHSA-2021:1079","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1079"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2180","reference_id":"RHSA-2021:2180","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2180"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18263?format=json","purl":"pkg:pypi/ansible@2.9.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.18"}],"aliases":["CVE-2021-20178","GHSA-wv5p-gmmv-wh9v","PYSEC-2021-106"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pqj1-u787-g3aj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35543?format=json","vulnerability_id":"VCID-qztj-r7zc-jue3","summary":"A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L"},{"value":"7.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L"},{"value":"7.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0216","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L"},{"value":"7.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2020:0216"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0218","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L"},{"value":"7.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2020:0218"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14905.json","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14905.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14905","reference_id":"","reference_type":"","scores":[{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.5093","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14905"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14905","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L"},{"value":"7.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14905"},{"reference_url":"https://github.com/advisories/GHSA-frxj-5j27-f8rf","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L"},{"value":"7.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-frxj-5j27-f8rf"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L"},{"value":"7.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-206.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L"},{"value":"7.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-206.yaml"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5BNCYPQ4BY5QHBCJOAOPANB5FHATW2BR","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L"},{"value":"7.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5BNCYPQ4BY5QHBCJOAOPANB5FHATW2BR"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5BNCYPQ4BY5QHBCJOAOPANB5FHATW2BR/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5BNCYPQ4BY5QHBCJOAOPANB5FHATW2BR/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1776943","reference_id":"1776943","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1776943"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14905","reference_id":"CVE-2019-14905","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L"},{"value":"7.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14905"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0215","reference_id":"RHSA-2020:0215","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0215"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0217","reference_id":"RHSA-2020:0217","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0217"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/15000?format=json","purl":"pkg:pypi/ansible@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-ptg6-bwz8-pud8"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.3"}],"aliases":["CVE-2019-14905","GHSA-frxj-5j27-f8rf","PYSEC-2020-206"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qztj-r7zc-jue3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35617?format=json","vulnerability_id":"VCID-vhxq-1hqq-77bx","summary":"An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14330.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14330.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14330","reference_id":"","reference_type":"","scores":[{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.4438","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14330"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14330","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14330"},{"reference_url":"https://github.com/advisories/GHSA-785x-qw4v-6872","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-785x-qw4v-6872"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/commit/e0f25a2b1f9e6c21f751ba0ed2dc2eee2152983e","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/e0f25a2b1f9e6c21f751ba0ed2dc2eee2152983e"},{"reference_url":"https://github.com/ansible/ansible/issues/68400","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/issues/68400"},{"reference_url":"https://github.com/ansible/ansible/pull/69653","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/69653"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-3.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-3.yaml"},{"reference_url":"https://www.debian.org/security/2021/dsa-4950","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2021/dsa-4950"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1856815","reference_id":"1856815","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1856815"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14330","reference_id":"CVE-2020-14330","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14330"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3600","reference_id":"RHSA-2020:3600","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3600"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18235?format=json","purl":"pkg:pypi/ansible@2.9.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.12"},{"url":"http://public2.vulnerablecode.io/api/packages/18294?format=json","purl":"pkg:pypi/ansible@2.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.0"}],"aliases":["CVE-2020-14330","GHSA-785x-qw4v-6872","PYSEC-2020-3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vhxq-1hqq-77bx"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.0rc1"}