CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Redhat » Ansible : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-20191 532 2021-05-26 2021-06-03
2.1
None Local Low Not required Partial None None
A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.
2 CVE-2021-20178 532 2021-05-26 2021-06-03
2.1
None Local Low Not required Partial None None
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.
3 CVE-2021-3447 532 2021-04-01 2021-06-03
2.1
None Local Low Not required Partial None None
A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the no_log feature. An attacker can take advantage of this information to steal those credentials, provided when they have access to the log files containing them. The highest threat from this vulnerability is to data confidentiality. This flaw affects Red Hat Ansible Automation Platform in versions before 1.2.2 and Ansible Tower in versions before 3.8.2.
4 CVE-2020-25636 552 2020-10-05 2020-10-09
3.6
None Local Low Not required None Partial Partial
A flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace separation for file transfers. Files are written directly to the root bucket, making possible to have collisions when running multiple ansible processes. This issue affects mainly the service availability.
5 CVE-2020-25635 212 2020-10-05 2020-10-08
2.1
None Local Low Not required Partial None None
A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. This issue affects directly data confidentiality.
6 CVE-2020-10744 668 2020-05-15 2020-05-29
3.7
None Local High Not required Partial Partial Partial
An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9.9 as well as previous versions are affected and Ansible Tower 3.4.5, 3.5.6 and 3.6.4 as well as previous versions are affected.
7 CVE-2020-10684 94 2020-03-24 2020-06-13
3.6
None Local Low Not required None Partial Partial
A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker could take advantage of this by altering the ansible_facts, such as ansible_hosts, users and any other key data which would lead into privilege escalation or code injection.
8 CVE-2020-1740 200 +Info 2020-03-16 2020-06-13
1.9
None Local Medium Not required Partial None None
A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.
9 CVE-2020-1739 200 +Info 2020-03-12 2020-05-29
3.3
None Local Medium Not required Partial Partial None
A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.
10 CVE-2020-1738 88 2020-03-16 2020-06-13
2.6
None Local High Not required None Partial Partial
A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.
11 CVE-2020-1736 732 2020-03-16 2020-09-08
2.1
None Local Low Not required Partial None None
A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This could lead to the disclosure of sensitive data. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.
12 CVE-2020-1735 22 Dir. Trav. 2020-03-16 2020-06-13
3.6
None Local Low Not required Partial Partial None
A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.
13 CVE-2020-1733 668 +Priv 2020-03-11 2020-06-13
3.7
None Local High Not required Partial Partial Partial
A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with "umask 77 && mkdir -p <dir>"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating '/proc/<pid>/cmdline'.
14 CVE-2019-14904 78 2020-08-26 2021-01-28
6.1
None Local Low Not required Complete Partial Partial
A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.
15 CVE-2019-14864 532 2020-01-02 2020-04-13
4.0
None Remote Low ??? Partial None None
Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data.
16 CVE-2019-14856 287 2019-11-26 2020-12-04
4.0
None Remote Low ??? Partial None None
ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None
17 CVE-2019-10217 200 +Info 2019-11-25 2020-04-13
4.0
None Remote Low ??? Partial None None
A flaw was found in ansible 2.8.0 before 2.8.4. Fields managing sensitive data should be set as such by no_log feature. Some of these fields in GCP modules are not set properly. service_account_contents() which is common class for all gcp modules is not setting no_log to True. Any sensitive data managed by that function would be leak as an output when running ansible playbooks.
18 CVE-2019-10206 20 2019-11-22 2020-04-13
4.0
None Remote Low ??? Partial None None
ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them.
19 CVE-2019-10156 200 +Info 2019-07-30 2021-01-28
5.5
None Remote Low ??? Partial Partial None
A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed.
20 CVE-2019-3828 22 Dir. Trav. 2019-03-27 2020-05-21
3.3
None Local Medium Not required Partial Partial None
Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.
21 CVE-2018-16876 200 +Info 2019-01-03 2020-05-29
3.5
None Remote Medium ??? Partial None None
ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.
22 CVE-2017-7466 20 Exec Code 2018-06-22 2019-10-09
8.5
None Remote Medium ??? Complete Complete Complete
Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.
23 CVE-2016-8628 77 Exec Code 2018-07-31 2019-10-09
9.0
None Remote Low ??? Complete Complete Complete
Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as.
24 CVE-2016-8614 320 2018-07-31 2019-10-09
5.0
None Remote Low Not required None Partial None
A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key.
25 CVE-2016-3096 59 +Priv 2016-06-03 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory.
26 CVE-2015-6240 59 2017-06-07 2019-09-16
7.2
None Local Low Not required Complete Complete Complete
The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack.
27 CVE-2015-3908 345 2015-08-12 2019-09-16
4.3
None Remote Medium Not required None Partial None
Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
28 CVE-2014-4967 74 Exec Code 2020-02-18 2020-02-26
7.5
None Remote Low Not required Partial Partial Partial
Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a trailing " temp=" clause, or (3) a trailing " validate=" clause accompanied by a shell command.
29 CVE-2014-4966 74 Exec Code 2020-02-18 2020-02-26
7.5
None Remote Low Not required Partial Partial Partial
Ansible before 1.6.7 does not prevent inventory data with "{{" and "lookup" substrings, and does not prevent remote data with "{{" substrings, which allows remote attackers to execute arbitrary code via (1) crafted lookup('pipe') calls or (2) crafted Jinja2 data.
30 CVE-2014-4678 74 Exec Code 2020-02-20 2020-02-25
7.5
None Remote Low Not required Partial Partial Partial
The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657.
31 CVE-2014-4660 522 +Info 2020-02-20 2020-02-25
2.1
None Local Low Not required Partial None None
Ansible before 1.5.5 constructs filenames containing user and password fields on the basis of deb lines in sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by leveraging existence of a file that uses the "deb http://user:[email protected]:port/" format.
32 CVE-2014-4659 522 +Info 2020-02-20 2020-02-25
2.1
None Local Low Not required Partial None None
Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "deb http://user:[email protected]:port/" format.
33 CVE-2014-4658 200 +Info 2020-02-20 2020-02-25
2.1
None Local Low Not required Partial None None
The vault subsystem in Ansible before 1.5.5 does not set the umask before creation or modification of a vault file, which allows local users to obtain sensitive key information by reading a file.
34 CVE-2014-4657 20 Exec Code 2020-02-20 2020-02-25
7.5
None Remote Low Not required Partial Partial Partial
The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions.
35 CVE-2014-3498 20 Exec Code 2017-06-08 2018-10-30
6.5
None Remote Low ??? Partial Partial Partial
The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary commands.
36 CVE-2014-2686 670 2020-01-09 2020-01-21
5.0
None Remote Low Not required None Partial None
Ansible prior to 1.5.4 mishandles the evaluation of some strings.
37 CVE-2013-4260 264 2013-09-16 2018-10-30
3.3
None Local Medium Not required None Partial Partial
lib/ansible/playbook/__init__.py in Ansible 1.2.x before 1.2.3, when playbook does not run due to an error, allows local users to overwrite arbitrary files via a symlink attack on a retry file with a predictable name in /var/tmp/ansible/.
38 CVE-2013-4259 264 2013-09-16 2018-10-30
1.9
None Local Medium Not required Partial None None
runner/connection_plugins/ssh.py in Ansible before 1.2.3, when using ControlPersist, allows local users to redirect a ssh session via a symlink attack on a socket file with a predictable name in /tmp/.
39 CVE-2013-2233 320 2018-05-04 2018-06-07
5.8
None Remote Medium Not required Partial Partial None
Ansible before 1.2.1 makes it easier for remote attackers to conduct man-in-the-middle attacks by leveraging failure to cache SSH host keys.
Total number of vulnerabilities : 39   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.