Red Hat Ansible 2.8.13

CPE Details

Red Hat Ansible 2.8.13
redhat
ansible
2.8.13
2020-06-23
13h39 +00:00
2020-06-23
13h39 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:redhat:ansible:2.8.13:*:*:*:*:*:*:*

Informations

Vendor

redhat

Product

ansible

Version

2.8.13

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2024-0690 2024-02-06 12h00 +00:00 An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.
5.5
Moyen
CVE-2023-5764 2023-12-12 22h01 +00:00 A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data.
7.8
Haute
CVE-2022-3697 2022-10-28 00h00 +00:00 A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.
7.5
Haute
CVE-2021-20180 2022-03-16 13h12 +00:00 A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.
5.5
Moyen
CVE-2021-20178 2021-05-25 22h00 +00:00 A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.
5.5
Moyen
CVE-2021-20191 2021-05-25 22h00 +00:00 A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.
5.5
Moyen
CVE-2020-1736 2020-03-16 14h03 +00:00 A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This could lead to the disclosure of sensitive data. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.
3.3
Bas