| CVE-2025-14010 |
medium |
5.5 |
5.5 |
|
|
|
6mo ago |
Ansible Community General Collection is vulnerable to exposure of sensitive information |
| CVE-2021-20180 |
medium |
— |
5.5 |
|
|
|
4y ago |
information disclosure in ansible |
| CVE-2021-3620 |
medium |
— |
5.5 |
|
|
|
4y ago |
A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest th… |
| CVE-2021-3583 |
medium |
— |
5.5 |
|
|
|
5y ago |
A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-lin… |
| CVE-2021-3533 |
medium |
— |
5.5 |
|
|
|
5y ago |
A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory. When this occurs, there is a race condition on the managed machine. A malicious,… |
| CVE-2021-20178 |
medium |
— |
5.5 |
|
|
|
5y ago |
information disclosure in ansible |
| CVE-2021-20191 |
medium |
— |
5.5 |
|
|
|
5y ago |
information disclosure in ansible |
| CVE-2021-3447 |
medium |
— |
5.5 |
|
|
|
5y ago |
A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controlle… |
| CVE-2015-3908 |
medium |
— |
4.3 |
|
|
|
11y ago |
Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle … |
| CVE-2013-4260 |
low |
— |
3.3 |
|
|
|
13y ago |
lib/ansible/playbook/__init__.py in Ansible 1.2.x before 1.2.3, when playbook does not run due to an error, allows local users to overwrite arbitrary files via a symlink attack on a retry file with a… |
| CVE-2013-4259 |
low |
— |
1.9 |
|
|
|
13y ago |
runner/connection_plugins/ssh.py in Ansible before 1.2.3, when using ControlPersist, allows local users to redirect a ssh session via a symlink attack on a socket file with a predictable name in /tmp… |
