Search for packages
| purl | pkg:pypi/ansible@2.0 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-4256-s7ta-aaar
Aliases: CVE-2018-16837 GHSA-hwrm-63v2-42g4 PYSEC-2018-44 |
Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those credentials in clear text form for every user which have access just to the process list. |
Affected by 41 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 34 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 35 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 39 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-px3x-t4ay-aaaa
Aliases: CVE-2018-10875 GHSA-fc4h-467w-46rh PYSEC-2018-43 |
A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code. |
Affected by 41 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 0 other vulnerabilities. Affected by 35 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 36 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 36 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-qz75-v9j5-aaaa
Aliases: CVE-2021-20228 GHSA-5rrg-rr89-x9mv PYSEC-2021-1 |
A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality. |
Affected by 41 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 19 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 18 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 32 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 15 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 11 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 11 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 10 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 0 other vulnerabilities. Affected by 7 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 5 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 3 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-ucre-31md-aaad
Aliases: CVE-2019-14846 GHSA-pm48-cvv2-29q5 PYSEC-2019-4 PYSEC-2019-74 |
In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process. |
Affected by 30 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 33 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 31 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 33 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-vpzy-gc78-aaag
Aliases: CVE-2018-10855 GHSA-jwcc-j78w-j73w PYSEC-2018-42 |
Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible. |
Affected by 41 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 36 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 0 other vulnerabilities. Affected by 38 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 36 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 37 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-yuxd-4zd7-aaab
Aliases: CVE-2021-3533 PYSEC-2021-126 |
A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory. When this occurs, there is a race condition on the managed machine. A malicious, non-privileged account on the remote machine can exploit the race condition to access the async result data. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2. |
Affected by 41 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 3 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-yxyq-9868-aaaj
Aliases: CVE-2018-10874 GHSA-3xvg-x47j-x75w PYSEC-2018-81 |
In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result. |
Affected by 41 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 35 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 36 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 36 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-zk4f-r19r-aaap
Aliases: CVE-2019-14858 GHSA-h653-95qw-h2mp PYSEC-2019-171 |
A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name to the module will cause the task to fail before the no_log options in the sub parameters are processed. As a result, data in the sub parameter fields will not be masked and will be displayed if Ansible is run with increased verbosity and present in the module invocation arguments for the task. |
Affected by 30 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 33 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 37 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 31 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 32 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 1 other vulnerability.
This version is affected by these other vulnerabilities:
|
|
VCID-zx4q-ry22-aaam
Aliases: CVE-2018-7750 GHSA-232r-66cg-79px PYSEC-2018-19 |
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step. |
Affected by 41 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 37 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||