2.18.1
4 years ago
25 days ago
Known vulnerabilities in the ansible-core package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for freeVulnerability | Vulnerable Version |
---|---|
ansible-core is an a radically simple IT automation system. It handles configuration management, application deployment, cloud provisioning, ad-hoc task execution, network automation, and multi-node orchestration. Ansible makes complex changes like zero-downtime rolling updates with load balancers easy. Affected versions of this package are vulnerable to Improper Input Validation through the use of the How to fix Improper Input Validation? Upgrade | [,2.18.0) |
ansible-core is an a radically simple IT automation system. It handles configuration management, application deployment, cloud provisioning, ad-hoc task execution, network automation, and multi-node orchestration. Ansible makes complex changes like zero-downtime rolling updates with load balancers easy. Affected versions of this package are vulnerable to Incorrect Authorization through the Note: This is only exploitable if someone with root privileges uses the How to fix Incorrect Authorization? Upgrade | [,2.14.18rc1)[2.15.0b1,2.15.13rc1)[2.16.0b1,2.16.13rc1)[2.17.0b1,2.17.6rc1)[2.18.0b1,2.18.0rc2) |
ansible-core is an a radically simple IT automation system. It handles configuration management, application deployment, cloud provisioning, ad-hoc task execution, network automation, and multi-node orchestration. Ansible makes complex changes like zero-downtime rolling updates with load balancers easy. Affected versions of this package are vulnerable to Exposure of Sensitive Information in Log Files when loading variables from Ansible Vault without setting Note: This is a similar vulnerability to the previously reported CVE-2024-0690. How to fix Exposure of Sensitive Information in Log Files? Upgrade | [,2.14.18rc1) |
ansible-core is an a radically simple IT automation system. It handles configuration management, application deployment, cloud provisioning, ad-hoc task execution, network automation, and multi-node orchestration. Ansible makes complex changes like zero-downtime rolling updates with load balancers easy. Affected versions of this package are vulnerable to Improper Output Neutralization for Logs due to a failure to respect the How to fix Improper Output Neutralization for Logs? Upgrade | [,2.14.14)[2.15.0,2.15.9)[2.16.0,2.16.3) |
ansible-core is an a radically simple IT automation system. It handles configuration management, application deployment, cloud provisioning, ad-hoc task execution, network automation, and multi-node orchestration. Ansible makes complex changes like zero-downtime rolling updates with load balancers easy. Affected versions of this package are vulnerable to Improper Control of Generation of Code ('Code Injection'). An attacker can inject malicious code into the template, leading to unauthorized access and potential data compromise. How to fix Improper Control of Generation of Code ('Code Injection')? Upgrade | [,2.15.7rc1)[2.16.0,2.16.1rc1) |
ansible-core is an a radically simple IT automation system. It handles configuration management, application deployment, cloud provisioning, ad-hoc task execution, network automation, and multi-node orchestration. Ansible makes complex changes like zero-downtime rolling updates with load balancers easy. Affected versions of this package are vulnerable to Command Injection. If a user is trying to put templates in multi-line yaml strings and the facts being handled don't routinely include special template characters, then their controller will be vulnerable to a template injection through the facts used in template. How to fix Command Injection? Upgrade | [,2.11.2) |
ansible-core is an a radically simple IT automation system. It handles configuration management, application deployment, cloud provisioning, ad-hoc task execution, network automation, and multi-node orchestration. Ansible makes complex changes like zero-downtime rolling updates with load balancers easy. Affected versions of this package are vulnerable to Race Condition. The When this occurs, there is a race condition on the managed machine. A malicious, low privileged account on the remote machine can pre-create How to fix Race Condition? Upgrade | [,2.12.0b1) |
ansible-core is an a radically simple IT automation system. It handles configuration management, application deployment, cloud provisioning, ad-hoc task execution, network automation, and multi-node orchestration. Ansible makes complex changes like zero-downtime rolling updates with load balancers easy. Affected versions of this package are vulnerable to Symlink Attack via the How to fix Symlink Attack? Upgrade | [,2.13.13rc1)[2.14.0,2.14.11rc1)[2.15.0,2.15.5rc1)[2.16.0b1,2.16.0b2) |