| CVE-2017-7550 |
critical |
9.8 |
9.8 |
|
|
|
4y ago |
A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive infor… |
| CVE-2016-9587 |
high |
— |
9.0 |
|
|
|
8y ago |
Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed … |
| CVE-2014-3498 |
high |
8.8 |
8.8 |
|
|
|
4y ago |
The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary commands. |
| CVE-2015-6240 |
high |
7.8 |
7.8 |
|
|
|
9y ago |
The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack. |
| CVE-2016-3096 |
high |
7.8 |
7.8 |
|
|
|
10y ago |
The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /… |
| CVE-2013-4260 |
low |
— |
3.3 |
|
|
|
13y ago |
lib/ansible/playbook/__init__.py in Ansible 1.2.x before 1.2.3, when playbook does not run due to an error, allows local users to overwrite arbitrary files via a symlink attack on a retry file with a… |
| CVE-2013-4259 |
low |
— |
1.9 |
|
|
|
13y ago |
runner/connection_plugins/ssh.py in Ansible before 1.2.3, when using ControlPersist, allows local users to redirect a ssh session via a symlink attack on a socket file with a predictable name in /tmp… |
