ansible (SUSE:Package Hub 15) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Package Hub 15 package ansible, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (8)
CVE-2017-7481 — CVSS 9.8 (critical): Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the…
CVE-2017-7466 — CVSS 8.0 (high): Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control…
CVE-2018-16837 — CVSS 7.8 (high): Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as…
CVE-2018-10875 — CVSS 7.8 (high): A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a…
CVE-2018-10855 — CVSS 5.9 (medium): Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used…
CVE-2018-16876 — CVSS 5.3 (medium): ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to…
CVE-2018-16859 — CVSS 4.2 (medium): Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become'…
CVE-2019-3828 — CVSS 4.2 (medium): Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files…