Workflow

Ansible

Latest version: v9.5.1

Vulnerabilities (56)

CVE/PVE Vulnerability ID Advisory Affected versions Severity Severity Score
CVE-2021-20191 42856

Ansible 2.8.19, 2.9.18 and 2.10.7 include a fix for CVE-2021-20191: C…
  • <2.8.19
  • >=2.9.0b1,<2.9.18
  • >=2.10.0a1,<2.10.7
 MEDIUM 5.5
CVE-2019-14904 42881

Ansible versions 2.7.16, 2.8.8 and 2.9.3 include a fix for CVE-2019-1…
  • >=2.8.0a0,<2.8.8
  • >=2.9.0a0,<2.9.3
  • <2.7.16
 HIGH 7.3
CVE-2019-10206 42886

Ansible 2.6.19, 2.7.13 and 2.8.4 include a fix for CVE-2019-10206: An…
  • >=2.8.0a0,<2.8.4
  • >=2.7.0a0,<2.7.13
  • >=2.6.0a0,<2.6.19
 MEDIUM 6.5
CVE-2019-10156 42887

Ansible 2.6.18, 2.7.12 and 2.8.2 include a fix for CVE-2019-10156: A …
  • >=2.8.0a0,<2.8.2
  • >=2.7.0a0,<2.7.12
  • >=2.6.0a0,<2.6.18
 MEDIUM 5.4
CVE-2018-16837 54010

Ansible "User" module leaks any data which is passed on as a paramete…
  • >=2.7,<2.7.1
  • >=2.6,<2.6.7
  • >=0,<2.5.11
 HIGH 7.8
CVE-2020-10744 42862

Ansible versions 2.7.18, 2.8.12 and 2.9.9 include a fix for CVE-2020-…
  • >=2.7.0a0,<2.7.18
  • >=2.8.0a0,<2.8.12
  • >=2.9.0a0,<2.9.9
 MEDIUM 5.0
CVE-2020-1738 42873

Ansible versions 2.7.17, 2.8.9 and 2.9.6 include a fix for CVE-2020-1…
  • >=2.7.0a0,<2.7.17
  • >=2.8.0a0,<2.8.9
  • >=2.9.0a0,<2.9.6
 LOW 3.9
CVE-2020-1736 42875

Ansible versions 2.7.17, 2.8.9 and 2.9.6 include a fix for CVE-2020-1…
  • >=2.7.0a0,<2.7.17
  • >=2.8.0a0,<2.8.9
  • >=2.9.0a0,<2.9.6
 LOW 3.3
CVE-2020-1735 42877

Ansible versions 2.7.17, 2.8.9 and 2.9.6 include a fix for CVE-2020-1…
  • >=2.7.0a0,<2.7.17
  • >=2.8.0a0,<2.8.9
  • >=2.9.0a0,<2.9.6
 MEDIUM 4.6
CVE-2020-10684 42864

Ansible versions 2.7.17, 2.8.9 and 2.9.6 include a fix for CVE-2020-1…
  • >=2.7.0a0,<2.7.17
  • >=2.8.0a0,<2.8.9
  • >=2.9.0a0,<2.9.6
 HIGH 7.1
CVE-2020-1739 42871

Ansible versions 2.7.17, 2.8.9 and 2.9.6 include a fix for CVE-2020-1…
  • >=2.7.0a0,<2.7.17
  • >=2.8.0a0,<2.8.9
  • >=2.9.0a0,<2.9.6
 LOW 3.9
CVE-2020-1740 42869

Ansible versions 2.7.17, 2.8.9 and 2.9.6 include a fix for CVE-2020-1…
  • >=2.7.0a0,<2.7.17
  • >=2.8.0a0,<2.8.9
  • >=2.9.0a0,<2.9.6
 MEDIUM 4.7
CVE-2020-1733 42879

Ansible versions 2.7.17, 2.8.11 and 2.9.7 include a fix for CVE-2020-…
  • >=2.7.0a0,<2.7.17
  • >=2.8.0a0,<2.8.11
  • >=2.9.0a0,<2.9.7
 MEDIUM 5.0
CVE-2019-14864 42882

Ansible versions 2.7.15, 2.8.7 and 2.9.1 include a fix for CVE-2019-1…
  • >=2.7.0a0,<2.7.15
  • >=2.8.0a0,<2.8.7
  • >=2.9.0a0,<2.9.1
 MEDIUM 6.5
CVE-2019-14856 42884

Ansible versions 2.6.20, 2.7.14 and 2.8.6 include a fix for CVE-2019-…
  • >=2.6.0a0,<2.6.20
  • >=2.7.0a0,<2.7.14
  • >=2.8.0a0,<2.8.6
 MEDIUM 6.5
CVE-2019-3828 42888

Ansible 2.5.15, 2.6.14 and 2.7.8 include a fix for CVE-2019-3828: Ans…
  • >=2.6.0a0,<2.6.14
  • >=2.7.0a0,<2.7.8
  • <2.5.15
 MEDIUM 4.2
CVE-2018-16876 42889

Ansible 2.5.14, 2.6.11 and 2.7.5 include a fix for CVE-2018-16876: An…
  • >=2.5.0a0,<2.5.14
  • >=2.6.0a0,<2.6.11
  • >=2.7.0a0,<2.7.5
 MEDIUM 5.3
CVE-2020-1753 54240

A security flaw was found in Ansible Engine, all Ansible 2.7.x versio…
  • >=0,<2.7.18
  • >=2.8.0,<2.8.11
  • >=2.9.0,<2.9.7
 MEDIUM 5.5
CVE-2018-10874 53995

In ansible it was found that inventory variables are loaded from curr…
  • >=0,<2.4.6.0
  • >=2.5,<2.5.6
  • >=2.6,<2.6.1
 HIGH 7.8
CVE-2020-10709 70602

A security flaw was found in Ansible Tower when requesting an OAuth2 …
  • <3.5.6
  • >=3.6.0,<3.6.4
 HIGH 7.1
CVE-2017-7550 42853

Ansible 2.3.3 and 2.4.1 include a fix for CVE-2017-7550: A flaw was f…
  • >=2.3.0,<2.3.3
  • >=2.4.0,<2.4.1
 CRITICAL 9.8
CVE-2016-9587 33285

Ansible versions 2.1.4 and 2.2.1 include a fix for CVE-2016-9587: Ans…
  • <2.1.4.0
  • >2.1.4.0,<2.2.1.0
 HIGH 8.1
CVE-2016-3096 25627

Ansible 1.9.6 and 2.0.2 include a fix for CVE-2016-3096: The create_s…
  • >=2.0.0.0,<2.0.2
  • <1.9.6
 HIGH 7.8
CVE-2022-1632 62625

An Improper Certificate Validation attack was found in Openshift. A r…
  • ==2.0
  • ==4.0
 MEDIUM 6.5
CVE-2019-14890 70527

A vulnerability was found in Ansible Tower before 3.6.1 where an atta…
  • <3.6.1
 HIGH 8.4
CVE-2021-3583 42924

Ansible 2.9.23 includes a fix for CVE-2021-3583: A flaw was found in …
  • <2.9.23
 HIGH 7.1
CVE-2021-20178 42858

Ansible 2.9.18 includes a fix for CVE-2021-20178: A flaw was found in…
  • <2.9.18
 MEDIUM 5.5
CVE-2019-10217 42885

Ansible 2.8.4 includes a fix for CVE-2019-10217: A flaw was found in …
  • >=2.8.0a0,<2.8.4
 MEDIUM 6.5
CVE-2023-4237 70895

A flaw was found in the Ansible Automation Platform. When creating a …
  • >=2.8.0,<=2.15.2
 HIGH 7.8
CVE-2022-3697 54564

A flaw was found in Ansible in the amazon.aws collection when using t…
  • >=2.5.0,<7.0.0
 HIGH 7.5
CVE-2017-7481 34941

Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lo…
  • <2.3.1
 CRITICAL 9.8
CVE-2017-7466 42890

Ansible 2.3 includes a fix for CVE-2017-7466: Ansible before version …
  • <2.3
 HIGH 8.0
CVE-2016-8628 42915

Ansible 2.2.0 includes a fix for CVE-2016-8628: Ansible before versio…
  • <2.2.0
 CRITICAL 9.1
CVE-2016-8614 42916

Ansible 2.2.0 includes a fix for CVE-2016-8614: A flaw was found in A…
  • <2.2.0
 HIGH 7.5
CVE-2019-14858 54153

A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible…
  • >=2.0,<2.8.1
 MEDIUM 5.5
CVE-2015-3908 25625

Ansible before 1.9.2 does not verify that the server hostname matches…
  • <1.9.2
 MEDIUM 4.3
CVE-2015-6240 42917

Ansible 1.9.2 includes a fix for CVE-2015-6240: The chroot, jail, and…
  • <1.9.2
 HIGH 7.8
PVE-2021-25624 25624

ansible 1.8.3 fixes a security bug related to the default permissions…
  • <1.8.3
 HIDDEN X.Y
PVE-2021-25623 25623

ansible 1.7.1 contains a security fix to disallow specifying 'args:' …
  • <1.7.1
 - -
PVE-2021-25622 25622

Ansible 1.7.0 adds path checking for relative/escaped tar filenames …
  • <1.7
 HIDDEN X.Y
PVE-2022-45329 45329

Ansible 1.7.0 avoids templating raw lookup strings. https://github.…
  • <1.7
 HIDDEN X.Y
CVE-2014-4966 42334

Ansible before 1.6.7 does not prevent inventory data with "{{" and "l…
  • <1.6.7
 CRITICAL 9.8
CVE-2014-4967 25621

ansible 1.6.7 contains two security fixes: * Strip lookup calls ou…
  • <1.6.7
 CRITICAL 9.8
CVE-2014-3498 25620

Ansible 1.6.6 includes a fix for CVE-2014-3498: The user module in an…
  • <1.6.6
 HIGH 8.8
CVE-2014-4678 25619

Ansible 1.6.4 includes a fix for CVE-2014-4678: The safe_eval functio…
  • <1.6.4
 CRITICAL 9.8
CVE-2014-4658 25618

Ansible 1.5.5 includes a fix for CVE-2014-4658: The vault subsystem i…
  • <1.5.5
 MEDIUM 5.5
CVE-2014-4660 42918

Ansible 1.5.5 includes a fix for CVE-2014-4660: Ansible before 1.5.5 …
  • <1.5.5
 MEDIUM 5.5
CVE-2014-4659 42854

Ansible 1.5.5 includes a fix for CVE-2014-4659: Ansible before 1.5.5 …
  • <1.5.5
 MEDIUM 5.5
CVE-2014-2686 42919

Ansible 1.5.4 includes a fix for CVE-2014-2686: Ansible prior to 1.5.…
  • <1.5.4
 HIGH 7.5
CVE-2014-4657 25617

Ansible 1.5.4 includes a fix for CVE-2014-4657: The safe_eval functio…
  • <1.5.4
 CRITICAL 9.8
CVE-2013-4259 42920

Ansible 1.2.3 includes a fix for CVE-2013-4259: runner/connection_plu…
  • <1.2.3
 LOW 1.9
CVE-2013-4260 25616

Ansible 1.2.3 includes local security fixes for predictable file loca…
  • <1.2.3
 LOW 3.3
CVE-2021-3447 42860

Ansible 1.2.2 includes a fix for CVE-2021-3447: A flaw was found in s…
  • <1.2.2
 MEDIUM 5.5
CVE-2013-2233 42921

Ansible 1.2.1 includes a fix for CVE-2013-2233: Ansible before 1.2.1 …
  • <1.2.1
 HIGH 7.4
CVE-2020-25636 54229

A flaw was found in Ansible Base when using the aws_ssm connection pl…
  • >=0
 HIGH 7.1
CVE-2020-25635 54230

A flaw was found in Ansible Base when using the aws_ssm connection pl…
  • >=0
 MEDIUM 5.5