CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2019-10156 – ansible: unsafe template evaluation of returned module data can lead to information disclosure
https://notcve.org/view.php?id=CVE-2019-10156
09 Jul 2019 — A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed. Se detectó un fallo en la manera en que fueron implementadas las plantillas de Ansible en versiones anteriores a 2.6.18, 2.7.12 y 2.8.2, causando la posibilidad de revelación de información mediante la sus... • https://access.redhat.com/errata/RHSA-2019:3744 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.2EPSS: 0%CPEs: 3EXPL: 1CVE-2019-3828 – Ansible: path traversal in the fetch module
https://notcve.org/view.php?id=CVE-2019-3828
20 Feb 2019 — Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path. El módulo fetch de Ansible, en versiones anteriores a las 2.5.15, 2.6.14 y 2.7.8, tiene una vulnerabilidad de salto de directorio que permite la copia y la sobrescritura de archivos fuera de la carpeta especificada en el host del controlador local de Ansible medi... • https://packetstorm.news/files/id/172837 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 1%CPEs: 17EXPL: 0CVE-2018-16876 – ansible: Information disclosure in vvv+ mode with no_log on
https://notcve.org/view.php?id=CVE-2018-16876
18 Dec 2018 — ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data. ansible en versiones anteriores a las 2.5.14, 2.6.11 y 2.7.5 es vulnerable a un fallo de divulgación de información en el modo vvv+ con "no_log" habilitado, el cual podría provocar el filtrado de datos sensibles. Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over ... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •