ansible

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Official assortment of Ansible collections
Version 4.1.0-1 [community]

Open

Group Affected Fixed Severity Status Ticket
AVG-1941 4.1.0-1 Medium Vulnerable
Issue Group Severity Remote Type Description
CVE-2021-3583 AVG-1941 Medium Yes Arbitrary command execution
A security issue was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the...

Resolved

Group Affected Fixed Severity Status Ticket
AVG-2056 4.0.0-1 Medium Not affected
AVG-1702 3.1.0-1 Medium Not affected
AVG-1437 2.10.5-1 2.10.7-1 Medium Fixed
AVG-137 2.2.0.0-1 2.2.1.0rc5-3 High Fixed
Issue Group Severity Remote Type Description
CVE-2021-20191 AVG-1437 Medium No Information disclosure
A flaw was found in ansible-collection where credentials such as secrets are being disclosed in console log by default and not protected by no_log feature...
CVE-2021-20180 AVG-1437 Medium No Information disclosure
A flaw was found in Ansible before version 2.10.6 where credentials such as secrets are being disclosed in console log by default and not protected by...
CVE-2021-20178 AVG-1437 Medium No Information disclosure
A flaw was found in Ansible before version 2.10.6 where the 'authkey' and 'privkey' credentials are disclosed by default and not protected by no_log feature...
CVE-2021-3533 AVG-2056 Medium No Information disclosure
A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory. When this occurs, there is a race...
CVE-2021-3532 AVG-2056 Medium No Information disclosure
A flaw was found in Ansible where the secret information present in async_files are getting disclosed when the user changes the jobdir to a world readable...
CVE-2021-3447 AVG-1702 Medium No Information disclosure
A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain- text on managed nodes, as...
CVE-2016-9587 AVG-137 High Yes Arbitrary command execution
An input validation vulnerability was found in ansible's handling of data sent from client systems. An attacker with control over a client system being...

Advisories

Date Advisory Group Severity Type
06 Feb 2021 ASA-202102-9 AVG-1437 Medium information disclosure