11.1.0
11 years ago
19 days ago
Known vulnerabilities in the ansible package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for freeVulnerability | Vulnerable Version |
---|---|
ansible is a simple IT automation system. Affected versions of this package are vulnerable to Credential Exposure in How to fix Credential Exposure? Upgrade | [2.5.0,7.0.0) |
ansible is a simple IT automation system. Affected versions of this package are vulnerable to Information Exposure where user credentials are disclosed by default in the traceback error message of How to fix Information Exposure? Upgrade | [,2.9.27) |
ansible is a simple IT automation system. Affected versions of this package are vulnerable to Command Injection. If a user is trying to put templates in multi-line yaml strings and the facts being handled don't routinely include special template characters, then their controller will be vulnerable to a template injection through the facts used in template. How to fix Command Injection? Upgrade | [,2.9.23) |
ansible is a simple IT automation system. Affected versions of this package are vulnerable to Information Exposure. A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords are exposed at once for the file. How to fix Information Exposure? Upgrade | [,2.9.6) |
ansible is a simple IT automation system. Affected versions of this package are vulnerable to Information Exposure. When managing kubernetes using the k8s module, sensitive parameters such as passwords and tokens are passed to How to fix Information Exposure? Upgrade | [2.9.0,2.9.7)[2.8.0,2.8.11)[2.7.0,2.7.17) |
ansible is a simple IT automation system. Affected versions of this package are vulnerable to Information Exposure. In several modules parameters containing credentials are being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the How to fix Information Exposure? Upgrade | [0,2.8.20)[2.9.0,2.9.20) |
ansible is a simple IT automation system. Affected versions of this package are vulnerable to Information Exposure. It leaks sensitive info such as secret values. This could lead in disclosing those credentials for every user which has access to the output of playbook execution. How to fix Information Exposure? Upgrade | [,2.8.19)[2.9.0,2.9.18) |
ansible is a simple IT automation system. Affected versions of this package are vulnerable to Information Exposure. The return value of a specific module i.e. How to fix Information Exposure? Upgrade | [,2.8.19)[2.9.0,2.9.18)[2.10.0,2.10.7) |
ansible is a simple IT automation system. Affected versions of this package are vulnerable to Information Exposure. How to fix Information Exposure? Upgrade | [,2.8.19)[2.9.0,2.9.18) |
ansible is a simple IT automation system. Affected versions of this package are vulnerable to Information Exposure. A few different modules in Ansible-collection leaks sensitive data such as secret values. This could lead in disclosing those credentials for every user which has access to the output of playbook execution. How to fix Information Exposure? Upgrade | [,2.8.19)[2.9.0,2.9.18) |
ansible is a simple IT automation system. Affected versions of this package are vulnerable to Information Exposure. When using uri module keys are not properly masked and sensitive data is exposed into content and json output. How to fix Information Exposure? Upgrade | [,2.8.14)[2.9.0,2.9.12) |
ansible is a simple IT automation system. Affected versions of this package are vulnerable to Information Exposure. When using How to fix Information Exposure? Upgrade | [,2.8.14)[2.9.0,2.9.12) |
ansible is a simple IT automation system. Affected versions of this package are vulnerable to Race Condition. This flaw refers to the incomplete fix for How to fix Race Condition? Upgrade | [2.9.0b1,2.9.10)[,2.8.13) |
ansible is a simple IT automation system. Affected versions of this package are vulnerable to Credential Exposure. When using modules which decrypt vault files such as How to fix Credential Exposure? Upgrade | [2.7.0,2.7.17)[2.8.0,2.8.11)[2.9.0,2.9.7) |
ansible is a simple IT automation system. Affected versions of this package are vulnerable to Remote Code Execution (RCE). It allows using ansible How to fix Remote Code Execution (RCE)? Upgrade | [,2.7.17)[2.8.0,2.8.9)[2.9.0,2.9.6) |
ansible is a simple IT automation system. Affected versions of this package are vulnerable to Directory Traversal. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. How to fix Directory Traversal? Upgrade | [2.7.0,2.7.17)[2.8.0a1,2.8.11)[2.9.0b1,2.9.7) |
ansible is a simple IT automation system. Affected versions of this package are vulnerable to Information Exposure. When a user executes How to fix Information Exposure? Upgrade | [2.7.0,2.7.17)[2.8.0a1,2.8.11)[2.9.0b1,2.9.7) |
ansible is a simple IT automation system. Affected versions of this package are vulnerable to Arbitrary Code Execution. A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. Both package and service modules use facts to determine the name of the module to run if use is not passed to the module. The ansible_facts['pkg_mgr'] and ansible_facts['service_mgr'] facts could be set to another module name or a module name installed in a collection such as ansible_collections.namespace.name./tmp/reverse-shell, which would allow arbitrary code execution on the managed node. Note The maintainer disputes this vulnerability How to fix Arbitrary Code Execution? Upgrade | [2.7.0,2.7.17)[2.8.0,2.8.11)[2.9.0,2.9.7) |
ansible is a simple IT automation system. Affected versions of this package are vulnerable to Information Exposure. When a file is moved using How to fix Information Exposure? Upgrade | [2.7.0,2.7.17)[2.8.0,2.8.11)[2.9.0,2.9.7) |
ansible is a simple IT automation system. Affected versions of this package are vulnerable to Race Condition. A race condition flaw exists when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in How to fix Race Condition? Upgrade | [,2.7.17)[2.8.0,2.8.9)[2.9.0,2.9.6) |
ansible is a simple IT automation system. Affected versions of this package are vulnerable to Information Exposure. When a password is set with the argument How to fix Information Exposure? Upgrade | [2.7.0,2.7.17)[2.8.0a1,2.8.11)[2.9.0b1,2.9.7) |
ansible is a simple IT automation system. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip). A flaw was found when using the How to fix Arbitrary File Write via Archive Extraction (Zip Slip)? Upgrade | [,2.7.17)[2.8.0,2.8.9)[2.9.0,2.9.6) |
ansible is a simple IT automation system. Affected versions of this package are vulnerable to Arbitrary Command Execution. The pipe lookup plugin uses Note The maintainer disputes this vulnerability How to fix Arbitrary Command Execution? Upgrade | [2.7.0,2.7.17)[2.8.0,2.8.11)[2.9.0,2.9.7) |
ansible is a simple IT automation system. Affected versions of this package are vulnerable to Information Exposure. A flaw was found in How to fix Information Exposure? Upgrade | [2.7.0,2.7.17)[2.8.0a1,2.8.11)[2.9.0b1,2.9.7) |
ansible is a simple IT automation system. Affected versions of this package are vulnerable to Arbitrary Code Execution. Filenames in the How to fix Arbitrary Code Execution? Upgrade | [2.9.0,2.9.3)[2.8.0,2.8.8)[,2.7.16) |
ansible is a simple IT automation system. Affected versions of this package are vulnerable to Arbitrary Code Injection. The How to fix Arbitrary Code Injection? Upgrade | [0,2.9.4) |
ansible is a simple IT automation system. Affected versions of this package are vulnerable to Information Exposure. Splunk and Sumologic callback plugins leak sensitive data in logs. How to fix Information Exposure? Upgrade | [2.9.0b1,2.9.1)[2.8.0,2.8.7)[,2.7.15) |
ansible is a simple IT automation system. Affected versions of this package are vulnerable to Information Exposure. Execution of How to fix Information Exposure? Upgrade | [,2.5.13)[2.6.0,2.6.10)[2.7.0,2.7.4)[2.7.5,2.8.1) |