Search CVE reports
11 – 20 of 83 results
Some fixes available 3 of 12
A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the...
2 affected packages
ansible-core, ansible
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ansible-core | Needs evaluation | Needs evaluation | Not in release | Not in release |
| ansible | Not affected | Fixed | Fixed | Fixed |
A privilege escalation flaw was found in the Ansible Automation Platform. This flaw allows a remote authenticated user with 'change user' permissions to modify the account settings of the superuser account and also remove...
3 affected packages
ansible, ansible-core, ansible-base
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ansible | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ansible-core | Needs evaluation | Needs evaluation | Not in release | Not in release |
| ansible-base | Not in release | Not in release | Not in release | Not in release |
Some fixes available 1 of 2
A flaw was found in ansible-runner. An improper escaping of the shell command, while calling the ansible_runner.interface.run_command, can lead to parameters getting executed as host's shell command. A developer...
1 affected package
ansible-runner
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ansible-runner | — | Fixed | Not in release | Not in release |
A race condition flaw was found in ansible-runner, where an attacker could watch for rapid creation and deletion of a temporary directory, substitute their directory at that name, and then have access to...
1 affected package
ansible-runner
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ansible-runner | — | Not affected | Not in release | Not in release |
A flaw was found in ansible-runner where the default temporary files configuration in ansible-2.0.0 are written to world R/W locations. This flaw allows an attacker to pre-create the directory, resulting in reading private...
1 affected package
ansible-runner
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ansible-runner | — | Not affected | Not in release | Not in release |
Some fixes available 2 of 13
A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is...
3 affected packages
ansible, ansible-base, ansible-core
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ansible | Vulnerable | Fixed | Fixed | Not affected |
| ansible-base | Not in release | Not in release | Not in release | Not in release |
| ansible-core | Not affected | Not affected | Not in release | Not in release |
Some fixes available 4 of 15
A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts...
3 affected packages
ansible, ansible-base, ansible-core
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ansible | Vulnerable | Fixed | Fixed | Fixed |
| ansible-base | Not in release | Not in release | Not in release | Not in release |
| ansible-core | Not affected | Not affected | Not in release | Not in release |
Rejected reason: This vulnerability does not meet the criteria for a security vulnerability
3 affected packages
ansible, ansible-base, ansible-core
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ansible | — | Vulnerable | Vulnerable | Vulnerable |
| ansible-base | — | Not in release | Not in release | Not in release |
| ansible-core | — | Not affected | Not in release | Not in release |
Rejected reason: This CVE is marked as INVALID and not a bug
3 affected packages
ansible-core, ansible, ansible-base
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ansible-core | — | Not affected | Not in release | Not in release |
| ansible | — | Vulnerable | Vulnerable | Vulnerable |
| ansible-base | — | Not in release | Not in release | Not in release |
A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose...
1 affected package
ansible
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ansible | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |