ansible@2.9.22rc1 vulnerabilities

Radically simple IT automation

  • latest version

    13.3.0

  • latest non vulnerable version

  • first published

    13 years ago

  • latest version published

    22 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the ansible package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • M
    Insertion of Sensitive Information into Log File

    ansible is a simple IT automation system.

    Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the community.general.keycloak_user module due to exposing the credentials[].value field in verbose output. An attacker can obtain sensitive credentials, such as plaintext passwords, by accessing verbose output logs generated during execution with debug modes enabled.

    How to fix Insertion of Sensitive Information into Log File?

    Upgrade ansible to version 12.0.0 or higher.

    [,12.0.0)
    • M
    Credential Exposure

    ansible is a simple IT automation system.

    Affected versions of this package are vulnerable to Credential Exposure in amazon.aws.ec2_instance, which leaks passwords into logs when tower_callback.windows is set. This was resolved in version 5.1.0 of the amazon.aws.ec2_instance module. Note: You're only vulnerable if you're using the amazon.aws collection.

    How to fix Credential Exposure?

    Upgrade ansible to version 7.0.0 or higher.

    [2.5.0,7.0.0)
    • M
    Information Exposure

    ansible is a simple IT automation system.

    Affected versions of this package are vulnerable to Information Exposure where user credentials are disclosed by default in the traceback error message of set_options.

    How to fix Information Exposure?

    Upgrade ansible to version 2.9.27 or higher.

    [,2.9.27)
    • M
    Command Injection

    ansible is a simple IT automation system.

    Affected versions of this package are vulnerable to Command Injection. If a user puts templates in multi-line YAML strings and the facts being handled do not routinely include special template characters, the controller is vulnerable to template injection through the facts used in the template.

    How to fix Command Injection?

    Upgrade ansible to version 2.9.23 or higher.

    [,2.9.23)