Package details: pkg:pypi/ansible@2.4
purl: pkg:pypi/ansible@2.4
Tags: Ghost
Next non-vulnerable version: 8.5.0
Latest non-vulnerable version: 8.5.0
Risk: 10.0
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-px3x-t4ay-aaaa
Aliases:
CVE-2018-10875
GHSA-fc4h-467w-46rh
PYSEC-2018-43
A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.
2.4.6
Affected by 0 other vulnerabilities.
2.4.6.0
Affected by 35 other vulnerabilities.
2.5.6
Affected by 36 other vulnerabilities.
2.6.1
Affected by 36 other vulnerabilities.
VCID-vpzy-gc78-aaag
Aliases:
CVE-2018-10855
GHSA-jwcc-j78w-j73w
PYSEC-2018-42
Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.
2.4.5.0
Affected by 36 other vulnerabilities.
2.4.5
Affected by 0 other vulnerabilities.
2.5.5
Affected by 38 other vulnerabilities.
2.5.6
Affected by 36 other vulnerabilities.
2.6.0a1
Affected by 37 other vulnerabilities.
VCID-yxyq-9868-aaaj
Aliases:
CVE-2018-10874
GHSA-3xvg-x47j-x75w
PYSEC-2018-81
In Ansible, it was found that inventory variables are loaded from the current working directory when running ad-hoc commands; these variables can be under an attacker's control, allowing arbitrary code to be run as a result.
2.4.6.0
Affected by 35 other vulnerabilities.
2.5.6
Affected by 36 other vulnerabilities.
2.6.1
Affected by 36 other vulnerabilities.
VCID-zx4q-ry22-aaam
Aliases:
CVE-2018-7750
GHSA-232r-66cg-79px
PYSEC-2018-19
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.
2.4.1.0
Affected by 37 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date | Actor | Action | Vulnerability | Source | VulnerableCode Version
2024-09-17T22:26:53.525228+00:00 | GitLab Importer | Affected by | VCID-zx4q-ry22-aaam | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ansible/CVE-2018-7750.yml | 34.0.1
2024-09-17T22:26:53.449029+00:00 | GitLab Importer | Affected by | VCID-px3x-t4ay-aaaa | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ansible/CVE-2018-10875.yml | 34.0.1
2024-09-17T22:26:53.299647+00:00 | GitLab Importer | Affected by | VCID-vpzy-gc78-aaag | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ansible/CVE-2018-10855.yml | 34.0.1
2024-09-17T22:26:52.845744+00:00 | GitLab Importer | Affected by | VCID-yxyq-9868-aaaj | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ansible/CVE-2018-10874.yml | 34.0.1
2024-01-03T17:52:50.482924+00:00 | GitLab Importer | Affected by | VCID-zx4q-ry22-aaam | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ansible/CVE-2018-7750.yml | 34.0.0rc1
2024-01-03T17:52:50.412619+00:00 | GitLab Importer | Affected by | VCID-px3x-t4ay-aaaa | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ansible/CVE-2018-10875.yml | 34.0.0rc1
2024-01-03T17:52:50.317054+00:00 | GitLab Importer | Affected by | VCID-vpzy-gc78-aaag | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ansible/CVE-2018-10855.yml | 34.0.0rc1
2024-01-03T17:52:49.954622+00:00 | GitLab Importer | Affected by | VCID-yxyq-9868-aaaj | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ansible/CVE-2018-10874.yml | 34.0.0rc1