Page 4 of 34 results (0.004 seconds)

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2014-4658

https://notcve.org/view.php?id=CVE-2014-4658

The vault subsystem in Ansible before 1.5.5 does not set the umask before creation or modification of a vault file, which allows local users to obtain sensitive key information by reading a file. El subsistema vault en Ansible versiones anteriores a 1.5.5, no establece el umask antes de la creación o modificación de un archivo vault, lo que permite a usuarios locales obtener información confidencial de claves mediante la lectura de un archivo. • https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md https://www.securityfocus.com/bid/68233 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2014-4660

https://notcve.org/view.php?id=CVE-2014-4660

Ansible before 1.5.5 constructs filenames containing user and password fields on the basis of deb lines in sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by leveraging existence of a file that uses the "deb http://user:pass@server:port/" format. Ansible versiones anteriores a 1.5.5, construye nombres de archivos que contienen campos de usuario y contraseña sobre la base de líneas deb en sources.list, lo que podría permitir a usuarios locales obtener información confidencial de credenciales en circunstancias oportunistas al aprovechar la existencia de un archivo que utiliza el formato "deb http://user:pass@server:port/". • https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md https://github.com/ansible/ansible/commit/c4b5e46054c74176b2446c82d4df1a2610eddc08 https://security-tracker.debian.org/tracker/CVE-2014-4660 https://www.openwall.com/lists/oss-security/2014/06/26/19 https://www.securityfocus.com/bid/68231 • CWE-522: Insufficiently Protected Credentials •

CVSS: 7.3EPSS: 0%CPEs: 5EXPL: 0

CVE-2019-14904 – Ansible: vulnerability in solaris_zone module via crafted solaris zone

https://notcve.org/view.php?id=CVE-2019-14904

A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected. Se encontró un fallo en el módulo solaris_zone de los módulos de la Comunidad Ansible. • https://bugzilla.redhat.com/show_bug.cgi?id=1776944 https://github.com/ansible/ansible/pull/65686 https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html https://www.debian.org/security/2021/dsa-4950 https://access.redhat.com/security/cve/CVE-2019-14904 • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2014-2686

https://notcve.org/view.php?id=CVE-2014-2686

Ansible prior to 1.5.4 mishandles the evaluation of some strings. Ansible versiones anteriores a 1.5.4, maneja inapropiadamente la evaluación de algunas cadenas. • https://groups.google.com/forum/#%21searchin/ansible-project/1.5.4/ansible-project/MUQxiKwSQDc/id6aVaawVboJ • CWE-670: Always-Incorrect Control Flow Implementation •

CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0

CVE-2019-10156 – ansible: unsafe template evaluation of returned module data can lead to information disclosure

https://notcve.org/view.php?id=CVE-2019-10156

A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed. Se detectó un fallo en la manera en que fueron implementadas las plantillas de Ansible en versiones anteriores a 2.6.18, 2.7.12 y 2.8.2, causando la posibilidad de revelación de información mediante la sustitución inesperada de variables. Tomando ventaja de la sustitución involuntaria de variables, se puede divulgar el contenido de cualquier variable. A flaw was discovered in the way Ansible templating was implemented, causing the possibility of information disclosure through unexpected variable substitution. • https://access.redhat.com/errata/RHSA-2019:3744 https://access.redhat.com/errata/RHSA-2019:3789 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10156 https://github.com/ansible/ansible/pull/57188 https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html https://www.debian.org/security/2021/dsa-4950 https://access.redhat.com/security/cve/CVE-2019-10156 https://bugzilla.redhat.com/show_bug • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •