ansible (SUSE:Package Hub 12) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Package Hub 12 package ansible, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (10)
CVE-2017-7481 — CVSS 9.8 (critical): Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the…
CVE-2017-7550 — CVSS 9.8 (critical): A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module…
CVE-2016-9587 — CVSS 8.1 (high): Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems…
CVE-2018-16837 — CVSS 7.8 (high): Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as…
CVE-2018-10875 — CVSS 7.8 (high): A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a…
CVE-2016-8628 — CVSS 7.6 (high): Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to…
CVE-2016-8614 — CVSS 6.3 (medium): A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing remote adversary…
CVE-2018-16876 — CVSS 5.3 (medium): ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to…
CVE-2018-16859 — CVSS 4.2 (medium): Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become'…
CVE-2019-3828 — CVSS 4.2 (medium): Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files…