ansible@2.10.0a9 vulnerabilities

Radically simple IT automation

Direct Vulnerabilities

Known vulnerabilities in the ansible package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable Version
  • M
Credential Exposure

ansible is a simple IT automation system.

Affected versions of this package are vulnerable to Credential Exposure in amazon.aws.ec2_instance, which leaks passwords into logs when tower_callback.windows is set. This was resolved in version 5.1.0 of the amazon.aws.ec2_instance module. Note: You're only vulnerable if you're using the amazon.aws collection.

How to fix Credential Exposure?

Upgrade ansible to version 7.0.0 or higher.

Vulnerable versions: [2.5.0,7.0.0)
  • H
Information Exposure

ansible is a simple IT automation system.

Affected versions of this package are vulnerable to Information Exposure. Logging in ansible is set at the DEBUG level, which leads to disclosure of credentials if a plugin uses a library that logs credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.

How to fix Information Exposure?

Upgrade ansible to version 2.9.12, 2.8.6, 2.10.0, 2.7.14 or higher.

Vulnerable versions: [2.9.0,2.9.12) [2.8.0,2.8.6) [2.10.0a1,2.10.0) [,2.7.14)