ansible
DevTools & CIoss-project
Top products
Latest CVEs
The 11 most recently published vulnerabilities affecting ansible.
- CVE-2025-7738Python3.11-django-ansible-base: sensitive authenticator secrets returned in clear text via api in aap4.4
- CVE-2024-11079Ansible-core: unsafe tagging bypass via hostvars object in ansible-core5.5
- CVE-2024-8775Ansible-core: exposure of sensitive information in ansible vault files due to improper logging5.5
- CVE-2019-14856ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None6.5
- CVE-2019-10206ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could cont...6.5
- CVE-2019-14846In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plug...7.8
- CVE-2018-10874In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result.7.8
- CVE-2016-9587Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being manage...8.1
- CVE-2015-1481Ansible Tower (aka Ansible UI) before 2.0.5 allows remote organization administrators to gain privileges by creating a superuser account.6.5
- CVE-2015-1482Ansible Tower (aka Ansible UI) before 2.0.5 allows remote attackers to bypass authentication and obtain sensitive information via a websocket connection to socket.io/1/.5.0
- CVE-2015-1368Multiple cross-site scripting (XSS) vulnerabilities in Ansible Tower (aka Ansible UI) before 2.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) order_by parameter to cr...4.3