VulnerableCode Package Details - pkg:deb/debian/ansible@2.10.7%2Bmerged%2Bbase%2B2.10.8%2Bdfsg-1

Search for packages

Package details: pkg:deb/debian/ansible@2.10.7%2Bmerged%2Bbase%2B2.10.8%2Bdfsg-1

Essentials
History (47)

purl	pkg:deb/debian/ansible@2.10.7%2Bmerged%2Bbase%2B2.10.8%2Bdfsg-1
Tags	Ghost

Next non-vulnerable version	7.7.0+dfsg-3+deb12u1
Latest non-vulnerable version	7.7.0+dfsg-3+deb12u1
Risk	4.0

Vulnerabilities affecting this package (10)

Vulnerability	Summary	Fixed by
VCID-2zwd-cb9n-aaaf Aliases: CVE-2021-3620 GHSA-4r65-35qq-ch8j PYSEC-2022-164	Ansible discloses sensitive information in traceback error message	2.10.7+merged+base+2.10.17+dfsg-0+deb11u1 Affected by 10 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 7.3.0+dfsg-1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 7.7.0+dfsg-3+deb12u1 Affected by 0 other vulnerabilities.
VCID-6n8k-ghk4-aaaf Aliases: CVE-2023-4237 GHSA-ww3m-ffrm-qvqv	ec2_key module prints out the private key directly to the standard output	2.10.7+merged+base+2.10.17+dfsg-0+deb11u1 Affected by 10 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 7.7.0+dfsg-3+deb12u1 Affected by 0 other vulnerabilities. 9.4.0+dfsg-1 Affected by 0 other vulnerabilities. 9.5.1+dfsg-1 Affected by 0 other vulnerabilities.
VCID-9gda-985f-aaam Aliases: CVE-2023-5764 GHSA-7j69-qfc3-2fq9	ansible: Template Injection	2.10.7+merged+base+2.10.17+dfsg-0+deb11u1 Affected by 10 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 7.3.0+dfsg-1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 7.7.0+dfsg-3+deb12u1 Affected by 0 other vulnerabilities.
VCID-a6gj-c3pa-aaad Aliases: CVE-2021-20191 GHSA-8f4m-hccc-8qph PYSEC-2021-124	A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.	2.10.7+merged+base+2.10.17+dfsg-0+deb11u1 Affected by 10 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 7.3.0+dfsg-1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-ekq1-r5f7-aaan Aliases: CVE-2022-3697 GHSA-cpx3-93w7-457x	Improper Handling of Parameters A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.	2.10.7+merged+base+2.10.17+dfsg-0+deb11u1 Affected by 10 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 7.3.0+dfsg-1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 7.7.0+dfsg-3+deb12u1 Affected by 0 other vulnerabilities.
VCID-fp7m-vzdr-aaap Aliases: CVE-2024-0690 GHSA-h24r-m9qc-pvpg PYSEC-2024-36	ansible-core: possible information leak in tasks that ignore ANSIBLE_NO_LOG configuration	2.10.7+merged+base+2.10.17+dfsg-0+deb11u1 Affected by 10 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 7.3.0+dfsg-1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 7.7.0+dfsg-3+deb12u1 Affected by 0 other vulnerabilities.
VCID-hx4y-7eby-aaad Aliases: CVE-2021-20180 GHSA-fh5v-5f35-2rv2	Insertion of Sensitive Information into Log File A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.	2.10.7+merged+base+2.10.17+dfsg-0+deb11u1 Affected by 10 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 7.3.0+dfsg-1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-khtx-uv3b-aaaj Aliases: CVE-2023-5115 GHSA-jpvw-p8pr-9g2x	malicious role archive can cause ansible-galaxy to overwrite arbitrary files	2.10.7+merged+base+2.10.17+dfsg-0+deb11u1 Affected by 10 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 7.3.0+dfsg-1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 7.7.0+dfsg-3+deb12u1 Affected by 0 other vulnerabilities.
VCID-qzhf-2cvf-aaaf Aliases: CVE-2021-20178 GHSA-wv5p-gmmv-wh9v PYSEC-2021-106	A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.	2.10.7+merged+base+2.10.17+dfsg-0+deb11u1 Affected by 10 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 7.3.0+dfsg-1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-xhtk-kssv-aaad Aliases: CVE-2021-3583 GHSA-2pfh-q76x-gwvm PYSEC-2021-358	A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity.	2.10.7+merged+base+2.10.17+dfsg-0+deb11u1 Affected by 10 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 7.3.0+dfsg-1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 7.7.0+dfsg-3+deb12u1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2024-05-20T15:56:26.180551+00:00	Debian Importer	Affected by	VCID-fp7m-vzdr-aaap	https://security-tracker.debian.org/tracker/data/json	34.0.0rc4
2024-05-20T15:36:03.110166+00:00	Debian Importer	Affected by	VCID-9gda-985f-aaam	https://security-tracker.debian.org/tracker/data/json	34.0.0rc4
2024-05-20T15:08:39.054757+00:00	Debian Importer	Affected by	VCID-khtx-uv3b-aaaj	https://security-tracker.debian.org/tracker/data/json	34.0.0rc4
2024-05-20T15:08:33.696565+00:00	Debian Importer	Affected by	VCID-khtx-uv3b-aaaj	None	34.0.0rc4
2024-04-26T04:57:58.338003+00:00	Debian Importer	Affected by	VCID-6n8k-ghk4-aaaf	https://security-tracker.debian.org/tracker/data/json	34.0.0rc4
2024-04-25T19:07:32.476115+00:00	Debian Importer	Affected by	VCID-ekq1-r5f7-aaan	https://security-tracker.debian.org/tracker/data/json	34.0.0rc4
2024-04-25T19:07:31.661990+00:00	Debian Importer	Affected by	VCID-ekq1-r5f7-aaan	None	34.0.0rc4
2024-04-25T01:48:39.925284+00:00	Debian Importer	Affected by	VCID-2zwd-cb9n-aaaf	None	34.0.0rc4
2024-04-25T01:48:38.348525+00:00	Debian Importer	Affected by	VCID-2zwd-cb9n-aaaf	https://security-tracker.debian.org/tracker/data/json	34.0.0rc4
2024-04-25T01:41:57.318670+00:00	Debian Importer	Affected by	VCID-xhtk-kssv-aaad	None	34.0.0rc4
2024-04-25T01:41:56.482214+00:00	Debian Importer	Affected by	VCID-xhtk-kssv-aaad	https://security-tracker.debian.org/tracker/data/json	34.0.0rc4
2024-04-24T21:01:54.143580+00:00	Debian Importer	Affected by	VCID-a6gj-c3pa-aaad	https://security-tracker.debian.org/tracker/data/json	34.0.0rc4
2024-04-24T21:01:44.679918+00:00	Debian Importer	Affected by	VCID-a6gj-c3pa-aaad	None	34.0.0rc4
2024-04-24T21:01:26.429009+00:00	Debian Importer	Affected by	VCID-hx4y-7eby-aaad	https://security-tracker.debian.org/tracker/data/json	34.0.0rc4
2024-04-24T21:01:24.806742+00:00	Debian Importer	Affected by	VCID-hx4y-7eby-aaad	None	34.0.0rc4
2024-04-24T21:01:15.123631+00:00	Debian Importer	Affected by	VCID-qzhf-2cvf-aaaf	https://security-tracker.debian.org/tracker/data/json	34.0.0rc4
2024-04-24T21:01:10.366641+00:00	Debian Importer	Affected by	VCID-qzhf-2cvf-aaaf	None	34.0.0rc4
2024-04-24T18:30:33.468324+00:00	Debian Importer	Fixing	VCID-t2tw-36t9-aaab	https://security-tracker.debian.org/tracker/data/json	34.0.0rc4
2024-04-24T18:30:25.598256+00:00	Debian Importer	Fixing	VCID-t2tw-36t9-aaab	None	34.0.0rc4
2024-04-24T14:39:17.430827+00:00	Debian Importer	Fixing	VCID-wkkk-5njy-aaaa	https://security-tracker.debian.org/tracker/data/json	34.0.0rc4
2024-04-24T14:39:13.603709+00:00	Debian Importer	Fixing	VCID-wkkk-5njy-aaaa	None	34.0.0rc4
2024-04-24T14:35:00.523876+00:00	Debian Importer	Fixing	VCID-zk4f-r19r-aaap	https://security-tracker.debian.org/tracker/data/json	34.0.0rc4
2024-04-24T14:34:58.953772+00:00	Debian Importer	Fixing	VCID-zk4f-r19r-aaap	None	34.0.0rc4
2024-01-12T00:21:40.768184+00:00	Debian Importer	Affected by	VCID-ekq1-r5f7-aaan	https://security-tracker.debian.org/tracker/data/json	34.0.0rc2
2024-01-12T00:21:33.149965+00:00	Debian Importer	Affected by	VCID-ekq1-r5f7-aaan	None	34.0.0rc2
2024-01-11T02:46:59.200132+00:00	Debian Importer	Affected by	VCID-2zwd-cb9n-aaaf	None	34.0.0rc2
2024-01-11T02:46:58.326214+00:00	Debian Importer	Affected by	VCID-2zwd-cb9n-aaaf	https://security-tracker.debian.org/tracker/data/json	34.0.0rc2
2024-01-11T02:38:25.754389+00:00	Debian Importer	Affected by	VCID-xhtk-kssv-aaad	None	34.0.0rc2
2024-01-11T02:38:24.848939+00:00	Debian Importer	Affected by	VCID-xhtk-kssv-aaad	https://security-tracker.debian.org/tracker/data/json	34.0.0rc2
2024-01-10T22:05:34.479668+00:00	Debian Importer	Affected by	VCID-a6gj-c3pa-aaad	https://security-tracker.debian.org/tracker/data/json	34.0.0rc2
2024-01-10T22:05:24.660770+00:00	Debian Importer	Affected by	VCID-a6gj-c3pa-aaad	None	34.0.0rc2
2024-01-10T22:05:13.810507+00:00	Debian Importer	Affected by	VCID-hx4y-7eby-aaad	https://security-tracker.debian.org/tracker/data/json	34.0.0rc2
2024-01-10T22:05:06.301958+00:00	Debian Importer	Affected by	VCID-hx4y-7eby-aaad	None	34.0.0rc2
2024-01-10T22:04:56.784382+00:00	Debian Importer	Affected by	VCID-qzhf-2cvf-aaaf	https://security-tracker.debian.org/tracker/data/json	34.0.0rc2
2024-01-10T22:04:51.903100+00:00	Debian Importer	Affected by	VCID-qzhf-2cvf-aaaf	None	34.0.0rc2
2024-01-05T04:19:47.718665+00:00	Debian Importer	Affected by	VCID-ekq1-r5f7-aaan	https://security-tracker.debian.org/tracker/data/json	34.0.0rc1
2024-01-05T04:19:46.901083+00:00	Debian Importer	Affected by	VCID-ekq1-r5f7-aaan	None	34.0.0rc1
2024-01-04T15:02:42.198229+00:00	Debian Importer	Affected by	VCID-2zwd-cb9n-aaaf	None	34.0.0rc1
2024-01-04T15:02:41.377494+00:00	Debian Importer	Affected by	VCID-2zwd-cb9n-aaaf	https://security-tracker.debian.org/tracker/data/json	34.0.0rc1
2024-01-04T14:56:30.622262+00:00	Debian Importer	Affected by	VCID-xhtk-kssv-aaad	None	34.0.0rc1
2024-01-04T14:56:29.829793+00:00	Debian Importer	Affected by	VCID-xhtk-kssv-aaad	https://security-tracker.debian.org/tracker/data/json	34.0.0rc1
2024-01-04T11:19:47.111965+00:00	Debian Importer	Affected by	VCID-a6gj-c3pa-aaad	https://security-tracker.debian.org/tracker/data/json	34.0.0rc1
2024-01-04T11:19:37.431426+00:00	Debian Importer	Affected by	VCID-a6gj-c3pa-aaad	None	34.0.0rc1
2024-01-04T11:19:26.885973+00:00	Debian Importer	Affected by	VCID-hx4y-7eby-aaad	https://security-tracker.debian.org/tracker/data/json	34.0.0rc1
2024-01-04T11:19:19.718954+00:00	Debian Importer	Affected by	VCID-hx4y-7eby-aaad	None	34.0.0rc1
2024-01-04T11:19:10.408611+00:00	Debian Importer	Affected by	VCID-qzhf-2cvf-aaaf	https://security-tracker.debian.org/tracker/data/json	34.0.0rc1
2024-01-04T11:19:05.593526+00:00	Debian Importer	Affected by	VCID-qzhf-2cvf-aaaf	None	34.0.0rc1