Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

11 – 20 of 77 results


CVE-2021-3701

High priority
Ignored

A flaw was found in ansible-runner where the default temporary files configuration in ansible-2.0.0 are written to world R/W locations. This flaw allows an attacker to pre-create the directory, resulting in reading private...

1 affected packages

ansible-runner

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ansible-runner Not affected Not in release Not in release Ignored
Show less packages

CVE-2022-2568

Medium priority
Needs evaluation

A privilege escalation flaw was found in the Ansible Automation Platform. This flaw allows a remote authenticated user with 'change user' permissions to modify the account settings of the superuser account and also remove...

3 affected packages

ansible, ansible-base, ansible-core

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ansible Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ansible-base Not in release Not in release Not in release Not in release Not in release
ansible-core Needs evaluation Needs evaluation Not in release Not in release Not in release
Show less packages

CVE-2021-20180

Medium priority
Needs evaluation

A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal...

1 affected packages

ansible

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ansible Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2021-3620

Medium priority

Some fixes available 2 of 12

A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is...

3 affected packages

ansible, ansible-base, ansible-core

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ansible Vulnerable Fixed Fixed Not affected Not affected
ansible-base Not in release Not in release Not in release Not in release Ignored
ansible-core Not affected Not affected Not in release Not in release Ignored
Show less packages

CVE-2021-3583

Medium priority

Some fixes available 4 of 14

A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts...

3 affected packages

ansible, ansible-base, ansible-core

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ansible Vulnerable Fixed Fixed Fixed Fixed
ansible-base Not in release Not in release Not in release Not in release Ignored
ansible-core Not affected Not affected Not in release Not in release Ignored
Show less packages

CVE-2020-10729

Medium priority
Needs evaluation

A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The...

1 affected packages

ansible

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ansible Not affected Not affected Not affected Needs evaluation Needs evaluation
Show less packages

CVE-2021-20191

Medium priority
Needs evaluation

A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal...

1 affected packages

ansible

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ansible Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2021-20178

Medium priority
Needs evaluation

A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal...

1 affected packages

ansible

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ansible Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2021-20228

Medium priority
Needs evaluation

A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker...

1 affected packages

ansible

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ansible Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2021-3447

Medium priority
Needs evaluation

A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose...

1 affected packages

ansible

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ansible Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages