Latest Red Hat Ansible Engine Vulnerabilities

A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest thr...
redhat/ansible<0:2.9.27-1.el8a
redhat/ansible-core<0:2.11.6-1.el8a
redhat/ansible<0:2.9.27-1.el7ae
redhat/ansible<0:2.9.27-1.el8ae
redhat/ovirt-ansible-collection<0:1.6.5-1.el8e
=2.0
and 20 more
A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory. When this occurs, there is a race condition on the managed machine. A malicious, ...
Redhat Ansible Automation Platform=1.2
Redhat Ansible Tower=3.7.0
Redhat Ansible Engine=2.0
Redhat Ansible Tower=3.0
Redhat Enterprise Linux=7.0
Fedoraproject Fedora=34
and 1 more
A flaw was found in Ansible where secret information present in async_files is disclosed when the user changes the jobdir to a world readable directory. Any secret information in an async...
Redhat Ansible Automation Platform=1.2
Redhat Ansible Tower=3.7.0
Redhat Ansible Engine=2.0
Redhat Ansible Tower=3.0
Redhat Enterprise Linux=7.0
Fedoraproject Fedora=34
and 1 more
A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line...
redhat/ansible_tower<3.7
redhat/ansible_engine<2.9.23
=1.2
<2.9.23
<3.7.0
Redhat Ansible Automation Platform=1.2
and 3 more
A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the `no_log` feature when using the sub-option feature of the basic.py module. This...
pip/ansible<2.8.19
pip/ansible>=2.9.0<2.9.18
pip/ansible>=2.10.0<2.10.7
redhat/ansible-engine<2.9.18
redhat/ansible<0:2.9.18-1.el7ae
redhat/ansible<0:2.9.18-1.el8ae
and 7 more
An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the l...
Redhat Ansible Engine<2.9.12
Debian Debian Linux=10.0
debian/ansible
A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during i...
pip/ansible>=2.9.0<2.9.13
pip/ansible<2.8.15
redhat/ansible-engine<2.8.15
redhat/ansible-engine<2.9.13
Redhat Ansible Engine>=2.8.0<=2.8.15
Redhat Ansible Engine>=2.9.0<=2.9.13
and 9 more
Ansible template caching generates identical values when consecutive facts are created from password lookup with the same length. Values should be different to prevent generating the same passwords for differen...
redhat/ansible-engine<2.9.6
Redhat Ansible Engine<2.9.6
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
Debian Debian Linux=10.0
debian/ansible
An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running `ansible-galaxy collection` install. When extracting a collection .tar.gz file, the directory is c...
Redhat Ansible Engine>=2.9.0<2.9.7
Redhat Ansible Tower=3.0
pip/ansible>=2.9.0<2.9.7
A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and...
redhat/ansible-engine<2.7.17
redhat/ansible-engine<2.8.11
redhat/ansible-engine<2.9.7
redhat/ansible<0:2.7.17-1.el7ae
redhat/ansible<0:2.8.11-1.el7ae
redhat/ansible<0:2.8.11-1.el8ae
and 16 more
A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kuberne...
redhat/ansible-engine<2.7.18
redhat/ansible-engine<2.8.11
redhat/ansible-engine<2.9.7
Redhat Ansible Engine<2.7.18
Redhat Ansible Engine>=2.8.0<2.8.11
Redhat Ansible Engine>=2.9.0<2.9.7
and 9 more
A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5...
pip/ansible>=2.9.0<2.9.7
pip/ansible>=2.8.0<2.8.11
pip/ansible<2.7.17
redhat/ansible-engine<2.7.17
redhat/ansible-engine<2.8.11
redhat/ansible-engine<2.9.7
and 8 more
A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong...
Redhat Ansible Engine<2.7.17
Redhat Ansible Engine>=2.8.0<2.8.9
Redhat Ansible Engine>=2.9.0<2.9.6
Redhat Ansible Tower<=3.3.4
Redhat Ansible Tower>=3.4.0<=3.4.5
Redhat Ansible Tower>=3.5.0<=3.5.5
and 4 more
A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable...
Redhat Ansible Engine<=2.7.16
Redhat Ansible Engine=2.8.8
Redhat Ansible Engine=2.9.5
Redhat Ansible Tower<=3.3.4
Redhat Ansible Tower=3.4.5
Redhat Ansible Tower=3.5.5
and 1 more
A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where Ansible's nxos_file_copy module can be used to copy files to a fl...
redhat/ansible-engine<2.9.4
redhat/ansible-engine<2.8.8
redhat/ansible-engine<2.7.16
Redhat Ansible Engine>=2.7.0<2.7.16
Redhat Ansible Engine>=2.8.0<2.8.8
Redhat Ansible Engine>=2.9.0<2.9.3
and 7 more
A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name to...
Redhat Ansible Engine>=2.0<=2.8.0
Redhat Ansible Tower>=3.0<=3.5.0
Ansible, all ansible_engine-2.x versions and ansible_engine-3.x up to ansible_engine-3.5, was logging at the DEBUG level, which led to a disclosure of credentials if a plugin used a library that logge...
pip/ansible-core<2.8.6
Redhat Ansible Engine<2.6.20
Redhat Ansible Engine>=2.7.0<2.7.14
Redhat Ansible Engine>=2.8.0<2.8.6
Debian Debian Linux=8.0
Debian Debian Linux=9.0
and 9 more
Ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to an information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensitive data.
redhat/ansible-engine<2.5.14
redhat/ansible-engine<2.6.11
redhat/ansible-engine<2.7.5
ubuntu/ansible<2.5.1+dfsg-1ubuntu0.1
>=2.5.0<2.5.14
>=2.6.0<2.6.11
and 33 more
Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. A local user wi...
redhat/ansible-engine<2.5.13
redhat/ansible-engine<2.6.10
redhat/ansible-engine<2.7.4
Redhat Ansible Engine<2.5.13
Redhat Ansible Engine>=2.6.0<2.6.10
Redhat Ansible Engine>=2.7.0<2.7.4
and 1 more
"User" module leaks any data which is passed on as a parameter to ssh-keygen. This could lead to undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executa...
redhat/ansible-engine<2.7.1
redhat/ansible-engine<2.6.7
redhat/ansible-engine<2.5.11
ubuntu/ansible<2.5.1+dfsg-1ubuntu0.1
ubuntu/ansible<2.8.0
ubuntu/ansible<2.0.0.2-2ubuntu1.3
and 19 more
A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing t...
redhat/ansible<2.4.6
redhat/ansible<2.5.6
redhat/ansible<2.6.1
ubuntu/ansible<2.5.1+dfsg-1ubuntu0.1
ubuntu/ansible<2.6.1+dfsg-1
ubuntu/ansible<2.0.0.2-2ubuntu1.3
and 41 more
In Ansible, it was found that inventory variables are loaded from the current working directory when running ad-hoc commands, which are under an attacker's control, allowing arbitrary code to be run as a result.
ubuntu/ansible<2.5.1+dfsg-1ubuntu0.1
ubuntu/ansible<2.6.1+dfsg-1
=2.0
=2.4
=2.5
=2.6
and 15 more
Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged,...
redhat/Ansible<2.4.5
redhat/Ansible<2.5.5
ubuntu/ansible<2.5.1+dfsg-1ubuntu0.1
ubuntu/ansible<2.5.5+dfsg-1
>=2.4<2.4.5
>2.5<=2.5.5
and 25 more
