Search Results (Refine Search)
- Keyword (text search): cpe:2.3:a:redhat:ansible:1.4.5:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2019-10156 |
A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed. Published: July 30, 2019; 7:15:12 PM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 5.5 MEDIUM |
CVE-2016-8614 |
A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key. Published: July 31, 2018; 5:29:00 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-8628 |
Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as. Published: July 31, 2018; 4:29:00 PM -0400 |
V4.0:(not available) V3.0: 9.1 CRITICAL V2.0: 9.0 HIGH |
CVE-2017-7466 |
Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges. Published: June 22, 2018; 9:29:00 AM -0400 |
V4.0:(not available) V3.0: 8.0 HIGH V2.0: 8.5 HIGH |
CVE-2016-9587 |
Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges. Published: April 24, 2018; 12:29:00 PM -0400 |
V4.0:(not available) V3.1: 8.1 HIGH V2.0: 9.3 HIGH |
CVE-2014-3498 |
The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary commands. Published: June 08, 2017; 2:29:00 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2015-6240 |
The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack. Published: June 07, 2017; 4:29:00 PM -0400 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2016-3096 |
The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory. Published: June 03, 2016; 10:59:04 AM -0400 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2015-3908 |
Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. Published: August 12, 2015; 10:59:21 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |