Product
redhat ansible
53 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2024-0690
< 2.14.4
An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scen
5.0
MEDIUM
CVE-2023-5764
< 2.14.12
A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe desi
7.1
HIGH
CVE-2023-32983
<= 204.v8191fd551eb_f
Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier does not mask extra variables displayed on the configuration form, increasin
5.3
MEDIUM
CVE-2023-32982
<= 204.v8191fd551eb_f
Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier stores extra variables unencrypted in job config.xml files on the Jenkins co
4.3
MEDIUM
CVE-2022-3697
>= 2.5.0 and < 2.10.0
A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance
7.5
HIGH
CVE-2021-20180
< 2.9.18
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security
5.5
MEDIUM
CVE-2021-33924
all versions
Confluent Ansible (cp-ansible) version 5.5.0, 5.5.1, 5.5.2 and 6.0.0 is vulnerable to Incorrect Access Control via its auxiliary c
9.8
CRITICAL
CVE-2021-20191
< 2.8.19
A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_l
5.5
MEDIUM
CVE-2021-20178
< 2.9.18
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security
5.5
MEDIUM
CVE-2021-3447
< 1.2.2
A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-
5.5
MEDIUM
CVE-2020-2310
<= 1.0
Missing permission checks in Jenkins Ansible Plugin 1.0 and earlier allow attackers with Overall/Read permission to enumerate cred
4.3
MEDIUM
CVE-2020-25635
all versions
A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run
5.0
MEDIUM
CVE-2020-25636
all versions
A flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace separation for file transfers.
6.6
MEDIUM
CVE-2019-14904
< 2.7.15
A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris
7.3
HIGH
CVE-2020-10744
>= 2.7.0 and <= 2.7.18
An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user f
5.0
MEDIUM
CVE-2020-10684
>= 2.7.0 and < 2.7.17
A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using
7.9
HIGH
CVE-2020-1740
< 2.7.17
A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit"
3.9
LOW
CVE-2020-1738
<= 2.7.16
A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previ
3.9
LOW
CVE-2020-1736
<= 2.7.16
A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This set
2.2
LOW
CVE-2020-1735
< 2.7.17
A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, a
4.2
MEDIUM
CVE-2020-1739
<= 2.7.16
A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "passw
3.9
LOW
CVE-2020-1733
<= 2.7.16
A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with
5.0
MEDIUM
CVE-2014-4659
< 1.5.5
Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential informat
5.5
MEDIUM
CVE-2014-4658
< 1.5.5
The vault subsystem in Ansible before 1.5.5 does not set the umask before creation or modification of a vault file, which allows l
5.5
MEDIUM
CVE-2014-4657
< 1.5.4
The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execut
9.8
CRITICAL
CVE-2014-4678
< 1.6.4
The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execut
9.8
CRITICAL
CVE-2014-4660
< 1.5.5
Ansible before 1.5.5 constructs filenames containing user and password fields on the basis of deb lines in sources.list, which mig
5.5
MEDIUM
CVE-2014-4967
< 1.6.7
Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging
9.8
CRITICAL
CVE-2014-4966
< 1.6.7
Ansible before 1.6.7 does not prevent inventory data with "{{" and "lookup" substrings, and does not prevent remote data with "{{"
9.8
CRITICAL
CVE-2014-2686
< 1.5.4
Ansible prior to 1.5.4 mishandles the evaluation of some strings.
7.5
HIGH
CVE-2019-14864
>= 2.7.0 and < 2.7.15
Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_l
6.5
MEDIUM
CVE-2019-14856
>= 2.6.0 and < 2.6.20
ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None
6.5
MEDIUM
CVE-2019-10217
>= 2.8.0 and < 2.8.4
A flaw was found in ansible 2.8.0 before 2.8.4. Fields managing sensitive data should be set as such by no_log feature. Some of th
6.5
MEDIUM
CVE-2019-10206
>= 2.6.0 and < 2.6.19
ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, p
6.5
MEDIUM
CVE-2019-10156
< 2.6.18
A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possi
5.4
MEDIUM
CVE-2019-3828
>= 2.5.0 and < 2.5.15
Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting
4.2
MEDIUM
CVE-2018-16876
>= 2.5.0 and < 2.5.14
ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to an information disclosure flaw in vvv+ mode with no_log on that can
5.3
MEDIUM
CVE-2016-8614
< 2.2.0
A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing remote ad
6.3
MEDIUM
CVE-2016-8628
< 2.2.0
Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the abil
7.6
HIGH
CVE-2017-7466
< 2.3
Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker wit
8.0
HIGH
CVE-2013-2233
< 1.2.1
Ansible before 1.2.1 makes it easier for remote attackers to conduct man-in-the-middle attacks by leveraging failure to cache SSH
7.4
HIGH
CVE-2016-9587
< 2.1.4
Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client
8.1
HIGH
CVE-2018-1000149
<= 0.8
A man in the middle vulnerability exists in Jenkins Ansible Plugin 0.8 and older in AbstractAnsibleInvocation.java, AnsibleAdHocCo
5.6
MEDIUM
CVE-2017-7550
>= 2.3.0 and < 2.3.3
A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin m
9.8
CRITICAL
CVE-2014-3498
<= 1.6.5
The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary commands.
8.8
HIGH
CVE-2015-6240
<= 1.9.1
The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a s
7.8
HIGH
CVE-2016-3096
<= 1.9.6
The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to writ
7.8
HIGH
CVE-2015-3908
<= 1.9.1
Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAl
CVE-2015-1482
<= 2.0.4
Ansible Tower (aka Ansible UI) before 2.0.5 allows remote attackers to bypass authentication and obtain sensitive information via
CVE-2015-1481
<= 2.0.4
Ansible Tower (aka Ansible UI) before 2.0.5 allows remote organization administrators to gain privileges by creating a superuser a
CVE-2015-1368
<= 2.0.2
Multiple cross-site scripting (XSS) vulnerabilities in Ansible Tower (aka Ansible UI) before 2.0.5 allow remote attackers to injec
CVE-2013-4260
all versions
lib/ansible/playbook/__init__.py in Ansible 1.2.x before 1.2.3, when playbook does not run due to an error, allows local users to
CVE-2013-4259
<= 1.2.2
runner/connection_plugins/ssh.py in Ansible before 1.2.3, when using ControlPersist, allows local users to redirect a ssh session
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin