Max CVSS | 4.6 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2018-16876 | 3.5 |
ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.
|
04-08-2021 - 17:15 | 03-01-2019 - 15:29 | |
CVE-2018-10875 | 4.6 |
A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.
|
04-08-2021 - 17:14 | 13-07-2018 - 22:29 | |
CVE-2018-10855 | 4.3 |
Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible
|
04-08-2021 - 17:14 | 03-07-2018 - 01:29 | |
CVE-2018-16837 | 2.1 |
Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those credentials in clear te
|
03-10-2019 - 00:03 | 23-10-2018 - 15:29 |