ansible 2.9.22rc1 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the ansible package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Credential Exposure ansible is a simple IT automation system. Affected versions of this package are vulnerable to Credential Exposure in `amazon.aws.ec2_instance`, which leaks passwords into logs when `tower_callback.windows` is set. This was resolved in version 5.1.0 of the `amazon.aws.ec2_instance` module. Note: You're only vulnerable if you're using the `amazon.aws` collection How to fix Credential Exposure? Upgrade `ansible` to version 7.0.0 or higher.	[2.5.0,7.0.0)
M Information Exposure ansible is a simple IT automation system. Affected versions of this package are vulnerable to Information Exposure where user credentials are disclosed by default in the traceback error message of `set_options`. How to fix Information Exposure? Upgrade `ansible` to version 2.9.27 or higher.	[,2.9.27)
M Command Injection ansible is a simple IT automation system. Affected versions of this package are vulnerable to Command Injection. If a user is trying to put templates in multi-line yaml strings and the facts being handled don't routinely include special template characters, then their controller will be vulnerable to a template injection through the facts used in template. How to fix Command Injection? Upgrade `ansible` to version 2.9.23 or higher.	[,2.9.23)

Vulnerability

Vulnerable Version

Credential Exposure

ansible is a simple IT automation system.

Affected versions of this package are vulnerable to Credential Exposure in amazon.aws.ec2_instance, which leaks passwords into logs when tower_callback.windows is set. This was resolved in version 5.1.0 of the amazon.aws.ec2_instance module. Note: You're only vulnerable if you're using the amazon.aws collection

How to fix Credential Exposure?

Upgrade ansible to version 7.0.0 or higher.

[2.5.0,7.0.0)

Information Exposure

ansible is a simple IT automation system.

Affected versions of this package are vulnerable to Information Exposure where user credentials are disclosed by default in the traceback error message of set_options.

How to fix Information Exposure?

Upgrade ansible to version 2.9.27 or higher.

[,2.9.27)

Command Injection

ansible is a simple IT automation system.

Affected versions of this package are vulnerable to Command Injection. If a user is trying to put templates in multi-line yaml strings and the facts being handled don't routinely include special template characters, then their controller will be vulnerable to a template injection through the facts used in template.

How to fix Command Injection?

Upgrade ansible to version 2.9.23 or higher.

[,2.9.23)

ansible@2.9.22rc1 vulnerabilities

Radically simple IT automation

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically