VIR Vulnerability Intelligence Relay

Package impact

python PyPI / ansible

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2017-7550 critical 9.8 9.8 4y ago A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive infor… debiansuseredhatpython
CVE-2014-3498 high 8.8 8.8 4y ago The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary commands. debianpythonredhat
CVE-2016-9587 high 8.0 8y ago Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed … debiansusearchpython
CVE-2015-6240 high 7.8 7.8 9y ago The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack. debianpythonredhat
CVE-2016-3096 high 7.8 7.8 10y ago The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /… debianfedorapythonredhat
CVE-2013-4260 low 3.3 13y ago lib/ansible/playbook/__init__.py in Ansible 1.2.x before 1.2.3, when playbook does not run due to an error, allows local users to overwrite arbitrary files via a symlink attack on a retry file with a… debianpythonredhat
CVE-2013-4259 low 1.9 13y ago runner/connection_plugins/ssh.py in Ansible before 1.2.3, when using ControlPersist, allows local users to redirect a ssh session via a symlink attack on a socket file with a predictable name in /tmp… debianpythonredhat