Vulnerabilities (CVE)

Vendor filter

Redhat Subscribe

Product filter

Ansible Subscribe

Filter

8 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-10156 1 Redhat 3 Ansible, Ceph Storage, Openstack 2019-09-16 5.5
A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended...
CVE-2015-6240 2 Ansibleworks, Redhat 2 Ansible, Ansible 2019-09-16 7.2
The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack.
CVE-2015-3908 2 Ansibleworks, Redhat 2 Ansible, Ansible 2019-09-16 4.3
Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary...
CVE-2018-16876 3 Redhat, Debian, Suse 8 Ansible, Debian Linux, Openstack and 5 more 2019-06-27 5.0
ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.
CVE-2016-3096 3 Ansibleworks, Fedoraproject, Redhat 3 Ansible, Fedora, Ansible 2018-10-30 7.2
The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived...
CVE-2013-4260 2 Ansibleworks, Redhat 2 Ansible, Ansible 2018-10-30 3.3
lib/ansible/playbook/__init__.py in Ansible 1.2.x before 1.2.3, when playbook does not run due to an error, allows local users to overwrite arbitrary files via a symlink attack on a retry file with a predictable name in /var/tmp/ansible/.
CVE-2013-4259 2 Ansibleworks, Redhat 2 Ansible, Ansible 2018-10-30 1.9
runner/connection_plugins/ssh.py in Ansible before 1.2.3, when using ControlPersist, allows local users to redirect a ssh session via a symlink attack on a socket file with a predictable name in /tmp/.
CVE-2014-3498 2 Ansibleworks, Redhat 2 Ansible, Ansible 2018-10-30 6.5
The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary commands.