| CVE-2017-7550 | critical | 9.8 | 9.8 | | | | 4y ago | A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive infor… |
| CVE-2014-3498 | high | 8.8 | 8.8 | | | | 4y ago | The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary commands. |
| CVE-2016-9587 | high | — | 8.0 | | | | 8y ago | Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed … |
| CVE-2015-6240 | high | 7.8 | 7.8 | | | | 9y ago | The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack. |
| CVE-2016-3096 | high | 7.8 | 7.8 | | | | 10y ago | The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /… |
| CVE-2025-14010 | medium | 5.5 | 5.5 | | | | 6mo ago | Ansible Community General Collection is vulnerable to exposure of sensitive information |
| CVE-2021-20180 | medium | — | 5.5 | | | | 4y ago | Insertion of Sensitive Information into Log File in ansible |
| CVE-2021-3620 | medium | — | 5.5 | | | | 4y ago | A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest th… |
| CVE-2021-3583 | medium | — | 5.5 | | | | 5y ago | A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-lin… |
| CVE-2021-3533 | medium | — | 5.5 | | | | 5y ago | A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory. When this occurs, there is a race condition on the managed machine. A malicious,… |
| CVE-2021-20178 | medium | — | 5.5 | | | | 5y ago | A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw… |
| CVE-2021-20191 | medium | — | 5.5 | | | | 5y ago | A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage o… |
| CVE-2021-3447 | medium | — | 5.5 | | | | 5y ago | A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controlle… |
| CVE-2015-3908 | medium | — | 4.3 | | | | 11y ago | Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle … |
| CVE-2013-4260 | low | — | 3.3 | | | | 13y ago | lib/ansible/playbook/__init__.py in Ansible 1.2.x before 1.2.3, when playbook does not run due to an error, allows local users to overwrite arbitrary files via a symlink attack on a retry file with a… |
| CVE-2013-4259 | low | — | 1.9 | | | | 13y ago | runner/connection_plugins/ssh.py in Ansible before 1.2.3, when using ControlPersist, allows local users to redirect a ssh session via a symlink attack on a socket file with a predictable name in /tmp… |