CPE-F5832CC1-D660-4063-9B8A-6E3939BDB55F Detail

CPE Details

Red Hat Ansible Engine 2.8.14

Vendor

redhat

Product

ansible_engine

Version

2.8.14

Created

2020-09-22
13h05 +00:00

Modified

2020-09-22
13h05 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:redhat:ansible_engine:2.8.14:::::::*

Informations

Vendor

redhat

Product

ansible_engine

Version

2.8.14

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2021-3620	2022-03-03 18h23 +00:00	A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.	5.5	Medium
CVE-2021-3583	2021-09-21 22h00 +00:00	A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity.	7.1	High
CVE-2020-10729	2021-05-27 16h46 +00:00	A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords are exposed at once for the file. This flaw affects Ansible Engine versions before 2.9.6.	5.5	Medium
CVE-2020-14365	2020-09-23 10h25 +00:00	A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code executed via package installation scripts. The highest threat from this vulnerability is to integrity and system availability.	7.1	High
CVE-2020-14330	2020-09-10 22h00 +00:00	An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.	5.5	Medium

Red Hat Ansible Engine 2.8.14

CPE Details

CPE Name: cpe:2.3:a:redhat:ansible_engine:2.8.14:*:*:*:*:*:*:*

Informations

Vendor

Product

Version

Related CVE

CPE Name: cpe:2.3:a:redhat:ansible_engine:2.8.14:::::::*