Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Package Hub 15 SP3 package ansible, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (26)
CVE-2020-10684 — CVSS 7.9 (high): A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using…
CVE-2018-16837 — CVSS 7.8 (high): Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as…
CVE-2018-10875 — CVSS 7.8 (high): A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a…
CVE-2019-14846 — CVSS 7.8 (high): In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG…
CVE-2021-20228 — CVSS 7.5 (high): A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature…
CVE-2020-1737 — CVSS 7.5 (high): A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip…
CVE-2020-1734 — CVSS 7.4 (high): A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen()…
CVE-2019-14904 — CVSS 7.3 (high): A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the…
CVE-2019-14905 — CVSS 5.6 (medium): A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in…
CVE-2020-14332 — CVSS 5.5 (medium): A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize…
CVE-2021-20180 — CVSS 5.5 (medium): A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature…
CVE-2021-20178 — CVSS 5.5 (medium): A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature…
CVE-2020-10729 — CVSS 5.5 (medium): A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal…
CVE-2021-20191 — CVSS 5.5 (medium): A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log…
CVE-2019-10156 — CVSS 5.4 (medium): A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of…
CVE-2020-10691 — CVSS 5.2 (medium): An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install…
CVE-2020-10685 — CVSS 5.0 (medium): A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as…
CVE-2020-14330 — CVSS 5.0 (medium): An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content…
CVE-2020-1733 — CVSS 5.0 (medium): A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an…
CVE-2020-1746 — CVSS 5.0 (medium): A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7…
CVE-2020-1753 — CVSS 5.0 (medium): A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all…
CVE-2020-1735 — CVSS 4.2 (medium): A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then…
CVE-2020-1739 — CVSS 3.9 (low): A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of…
CVE-2020-1738 — CVSS 3.9 (low): A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task…
CVE-2020-1740 — CVSS 3.9 (low): A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another…
CVE-2020-1736 — CVSS 2.2 (low): A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the…