First published: Wed Jul 24 2019
It was discovered that Ansible failed to properly handle sensitive information. A local attacker could use these vulnerabilities to extract it. (CVE-2017-7481) (CVE-2018-10855) (CVE-2018-16837) (CVE-2018-16876) (CVE-2019-10156)

It was discovered that Ansible could load configuration files from the current working directory containing crafted commands. An attacker could run arbitrary code as a result. (CVE-2018-10874) (CVE-2018-10875)

It was discovered that the Ansible fetch module had a path traversal vulnerability. A local attacker could copy and overwrite files outside of the specified destination. (CVE-2019-3828)

Affected Software | Affected Version | How to fix |
---|---|---|
ubuntu/ansible on Ubuntu 19.04 | <2.7.8+dfsg-1ubuntu0.19.04.1 | 2.7.8+dfsg-1ubuntu0.19.04.1 |
ubuntu/ansible on Ubuntu 18.04 | <2.5.1+dfsg-1ubuntu0.1 | 2.5.1+dfsg-1ubuntu0.1 |
ubuntu/ansible on Ubuntu 16.04 | <2.0.0.2-2ubuntu1.3 | 2.0.0.2-2ubuntu1.3 |

The severity of USN-4072-1 is not specified in the information provided.
To check if you are affected by USN-4072-1, you can verify your installed version of Ansible against the affected software versions listed.
To fix the vulnerabilities in USN-4072-1, you should update Ansible to the recommended version for your Ubuntu distribution.
You can find more information about the vulnerabilities in USN-4072-1 on the Ubuntu security website using the provided CVE references.
The Common Weakness Enumeration (CWE) for USN-4072-1 is CWE-22.