Redhat Ansible vulnerabilities

CVE-2019-3828 [MEDIUM] CWE-22 CVE-2019-3828: Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.

CVE-2018-16876 [MEDIUM] CWE-200 CVE-2018-16876: ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.

CVE-2018-10855 [HIGH] CWE-532 Ansible exposes sensitive data in log files and on the terminal Ansible exposes sensitive data in log files and on the terminal Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.

CVE-2016-8647 [MEDIUM] CWE-20 Improper Input Validation in ansible Improper Input Validation in ansible An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed.

CVE-2017-7481 [CRITICAL] CWE-20 Ansible fails to properly mark lookup-plugin results as unsafe Ansible fails to properly mark lookup-plugin results as unsafe Ansible before versions 2.1.6.0, 2.2.3.0, 2.3.1.0, and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now mar

CVE-2016-8628 [CRITICAL] CWE-77 CVE-2016-8628: Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible control Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as.

CVE-2016-8614 [HIGH] CWE-358 CVE-2016-8614: A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fi A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key.

CVE-2017-7466 [HIGH] CWE-20 CVE-2017-7466: Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from c Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.

CVE-2013-2233 [HIGH] CWE-320 CVE-2013-2233: Ansible before 1.2.1 makes it easier for remote attackers to conduct man-in-the-middle attacks by le Ansible before 1.2.1 makes it easier for remote attackers to conduct man-in-the-middle attacks by leveraging failure to cache SSH host keys.

CVE-2016-9587 [HIGH] CWE-20 CVE-2016-9587: Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's hand Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible ser

CVE-2017-7550 [CRITICAL] CWE-532 CVE-2017-7550: A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain para A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in the "params" argument, and noting this in the module

CVE-2014-3498 [HIGH] CWE-20 CVE-2014-3498: The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary comma The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary commands.

CVE-2015-6240 [HIGH] CWE-59 CVE-2015-6240: The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack.

CVE-2016-3096 [HIGH] CWE-59 CVE-2016-3096: The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0. The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the

CVE-2015-3908 [MEDIUM] CWE-345 CVE-2015-3908: Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

CVE-2013-4259 [LOW] CWE-264 CVE-2013-4259: runner/connection_plugins/ssh.py in Ansible before 1.2.3, when using ControlPersist, allows local us runner/connection_plugins/ssh.py in Ansible before 1.2.3, when using ControlPersist, allows local users to redirect a ssh session via a symlink attack on a socket file with a predictable name in /tmp/.

CVE-2013-4260 [LOW] CWE-264 CVE-2013-4260: lib/ansible/playbook/__init__.py in Ansible 1.2.x before 1.2.3, when playbook does not run due to an lib/ansible/playbook/__init__.py in Ansible 1.2.x before 1.2.3, when playbook does not run due to an error, allows local users to overwrite arbitrary files via a symlink attack on a retry file with a predictable name in /var/tmp/ansible/.