
CVE-2014-2686
https://notcve.org/view.php?id=CVE-2014-2686
09 Jan 2020 — Ansible prior to 1.5.4 mishandles the evaluation of some strings. • https://groups.google.com/forum/#%21searchin/ansible-project/1.5.4/ansible-project/MUQxiKwSQDc/id6aVaawVboJ • CWE-670: Always-Incorrect Control Flow Implementation •

CVE-2019-14856 – ansible: Incomplete fix for CVE-2019-10206
https://notcve.org/view.php?id=CVE-2019-14856
24 Oct 2019 — ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None The fix for CVE-2019-10206 was found to be incomplete for the data disclosure flaw in ansible. Password prompts in ansible-playbook and ansible-cli tools could expose passwords with special characters as they are not properly wrapped. A password with special characters is exposed starting with the first of these special characters. The highest threat from this vu... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html • CWE-287: Improper Authentication •

CVE-2019-10206 – Ansible: disclosure data when prompted for password and template characters are passed
https://notcve.org/view.php?id=CVE-2019-10206
21 Aug 2019 — ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates from triggering and exposing them. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html • CWE-522: Insufficiently Protected Credentials •

CVE-2019-10156 – ansible: unsafe template evaluation of returned module data can lead to information disclosure
https://notcve.org/view.php?id=CVE-2019-10156
09 Jul 2019 — A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed. • https://access.redhat.com/errata/RHSA-2019:3744 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2019-3828 – Ansible: path traversal in the fetch module
https://notcve.org/view.php?id=CVE-2019-3828
20 Feb 2019 — Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path. • https://packetstorm.news/files/id/172837 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2018-16876 – ansible: Information disclosure in vvv+ mode with no_log on
https://notcve.org/view.php?id=CVE-2018-16876
18 Dec 2018 — ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to an information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensitive data. Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over ... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2016-8614 – Ubuntu Security Notice USN-7330-1
https://notcve.org/view.php?id=CVE-2016-8614
31 Jul 2018 — A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing a remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key. • http://www.securityfocus.com/bid/94108 • CWE-320: Key Management Errors • CWE-358: Improperly Implemented Security Check for Standard •

CVE-2013-2233
https://notcve.org/view.php?id=CVE-2013-2233
04 May 2018 — Ansible before 1.2.1 makes it easier for remote attackers to conduct man-in-the-middle attacks by leveraging failure to cache SSH host keys. • http://www.openwall.com/lists/oss-security/2013/07/01/2 • CWE-320: Key Management Errors •

CVE-2018-1000149
https://notcve.org/view.php?id=CVE-2018-1000149
05 Apr 2018 — A man in the middle vulnerability exists in Jenkins Ansible Plugin 0.8 and older in AbstractAnsibleInvocation.java, AnsibleAdHocCommandBuilder.java, AnsibleAdHocCommandInvocationTest.java, AnsibleContext.java, AnsibleJobDslExtension.java, AnsiblePlaybookBuilder.java, AnsiblePlaybookStep.java that disables host key verification by default. • https://jenkins.io/security/advisory/2018-03-26/#SECURITY-630 •

CVE-2017-7550 – ansible: jenkins_plugin module exposes passwords in remote host logs
https://notcve.org/view.php?id=CVE-2017-7550
19 Oct 2017 — A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in the "params" argument, and noting this in the module documentation. • https://access.redhat.com/errata/RHSA-2017:2966 • CWE-532: Insertion of Sensitive Information into Log File •