Ansible engine

This hub aggregates every CVE we track for Ansible engine. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Ansible engine.

• CVE-2024-11079Ansible-core: unsafe tagging bypass via hostvars object in ansible-core5.5Nov 11, 2024
• CVE-2024-8775Ansible-core: exposure of sensitive information in ansible vault files due to improper logging5.5Sep 14, 2024
• CVE-2021-3620A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest ...5.5Mar 3, 2022
• CVE-2021-3583A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-l...7.1Sep 22, 2021
• CVE-2020-10729A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file sinc...5.5May 27, 2021
• CVE-2021-20228A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. Thi...7.5Apr 29, 2021
• CVE-2020-14365A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored durin...7.1Sep 23, 2020
• CVE-2020-14332A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows un...5.5Sep 11, 2020
• CVE-2020-14330An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access th...5.0Sep 11, 2020
• CVE-2020-1746A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3....5.0May 12, 2020
• CVE-2020-10685A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 ...5.0May 11, 2020
• CVE-2020-10691An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is ...5.2Apr 30, 2020
• CVE-2019-14905A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a...5.6Mar 31, 2020
• CVE-2020-1753A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kube...5.0Mar 16, 2020
• CVE-2020-1737A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they bel...7.5Mar 9, 2020