Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Manager Client Tools 15 package ansible, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (28)
CVE-2017-7550 — CVSS 9.8 (critical): A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module…
CVE-2016-9587 — CVSS 8.1 (high): Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems…
CVE-2018-10874 — CVSS 7.8 (high): In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under…
CVE-2016-8628 — CVSS 7.6 (high): Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to…
CVE-2021-20228 — CVSS 7.5 (high): A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature…
CVE-2021-28148 — CVSS 7.5 (high): One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 is…
CVE-2021-27962 — CVSS 7.1 (high): Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a…
CVE-2023-5764 — CVSS 7.1 (high): A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation…
CVE-2021-3583 — CVSS 7.1 (high): A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the…
CVE-2020-14365 — CVSS 7.1 (high): A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing…
CVE-2021-29622 — CVSS 6.5 (medium): Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the New ui. To…
CVE-2021-28147 — CVSS 6.5 (medium): The team sync HTTP API in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 has an Incorrect Access Control…
CVE-2021-28146 — CVSS 6.5 (medium): The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an…
CVE-2024-1313 — CVSS 6.5 (medium): It is possible for a user in a different organization from the owner of a snapshot to bypass authorization and delete a snapshot by issuing…
CVE-2016-8614 — CVSS 6.3 (medium): A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing remote adversary…
CVE-2021-20191 — CVSS 5.5 (medium): A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log…
CVE-2021-20180 — CVSS 5.5 (medium): A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature…
CVE-2021-20178 — CVSS 5.5 (medium): A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature…
CVE-2020-14332 — CVSS 5.5 (medium): A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize…
CVE-2021-3447 — CVSS 5.5 (medium): A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on…
CVE-2021-3620 — CVSS 5.5 (medium): A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is…
CVE-2024-8775 — CVSS 5.5 (medium): A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of…
CVE-2023-6152 — CVSS 5.4 (medium): A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration…
CVE-2020-10744 — CVSS 5.0 (medium): An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from…
CVE-2020-1753 — CVSS 5.0 (medium): A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all…
CVE-2024-0690 — CVSS 5.0 (medium): An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios…
CVE-2020-14330 — CVSS 5.0 (medium): An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content…
CVE-2016-8647 — CVSS 4.9 (medium): An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in…