The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Ansible Core

computer vulnerability CVE-2019-3828

Ansible Core: directory traversal via Home Directories

Synthesis of the vulnerability

An attacker can traverse directories via Home Directories of Ansible Core, in order to create a file outside the service root path.
Impacted products: Ansible Core, Debian, Fedora, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: data creation/edition.
Provenance: internet client.
Creation date: 20/02/2019.
Identifiers: CVE-2019-3828, DSA-4396-1, FEDORA-2019-7d1a63acc8, openSUSE-SU-2019:1125-1, VIGILANCE-VUL-28555.

Description of the vulnerability

An attacker can traverse directories via Home Directories of Ansible Core, in order to create a file outside the service root path.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2018-16876

Ansible Core: information disclosure via Logged Ssh Retry

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Logged Ssh Retry of Ansible Core, in order to obtain sensitive information.
Impacted products: Ansible Core, Debian, Fedora, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 14/12/2018.
Identifiers: CVE-2018-16876, DSA-4396-1, FEDORA-2018-af82e7c863, openSUSE-SU-2019:0238-1, openSUSE-SU-2019:1125-1, VIGILANCE-VUL-28025.

Description of the vulnerability

An attacker can bypass access restrictions to data via Logged Ssh Retry of Ansible Core, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2018-16859

Ansible Core: information disclosure via Windows Powershell Log

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Windows Powershell Log of Ansible Core, in order to obtain sensitive information.
Impacted products: Ansible Core, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 30/11/2018.
Identifiers: CVE-2018-16859, openSUSE-SU-2019:0238-1, openSUSE-SU-2019:1125-1, VIGILANCE-VUL-27915.

Description of the vulnerability

An attacker can bypass access restrictions to data via Windows Powershell Log of Ansible Core, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2018-16837

Ansible Core: information disclosure via ssh-keygen Command Line

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via ssh-keygen Command Line of Ansible Core, in order to obtain sensitive information.
Impacted products: Ansible Core, Debian, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 05/11/2018.
Identifiers: 1640642, CVE-2018-16837, DLA-1576-1, DSA-4396-1, openSUSE-SU-2019:1125-1, VIGILANCE-VUL-27668.

Description of the vulnerability

An attacker can bypass access restrictions to data via ssh-keygen Command Line of Ansible Core, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin 27418

Ansible Core: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Ansible Core.
Impacted products: Ansible Core.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 04/10/2018.
Identifiers: VIGILANCE-VUL-27418.

Description of the vulnerability

An attacker can use several vulnerabilities of Ansible Core.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2018-10875

Ansible Core: privilege escalation via Current Directory Ansible.cfg

Synthesis of the vulnerability

An attacker can bypass restrictions via Current Directory Ansible.cfg of Ansible Core, in order to escalate his privileges.
Impacted products: Ansible Core, Debian, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: user shell.
Creation date: 06/07/2018.
Identifiers: CVE-2018-10875, DSA-4396-1, openSUSE-SU-2019:0238-1, openSUSE-SU-2019:1125-1, VIGILANCE-VUL-26638.

Description of the vulnerability

An attacker can bypass restrictions via Current Directory Ansible.cfg of Ansible Core, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2018-10874

Ansible Core: code execution via Inventory Variables

Synthesis of the vulnerability

An attacker can use a vulnerability via Inventory Variables of Ansible, in order to run code.
Impacted products: Ansible Core.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: user account.
Creation date: 03/07/2018.
Identifiers: 1596528, CVE-2018-10874, VIGILANCE-VUL-26602.

Description of the vulnerability

An attacker can use a vulnerability via Inventory Variables of Ansible, in order to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2018-10855

Ansible Core: information disclosure via Failed Tasks Log

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Failed Tasks Log of Ansible Core, in order to obtain sensitive information.
Impacted products: Ansible Core, Debian, Fedora, RHEL, SLES.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 20/06/2018.
Identifiers: CVE-2018-10855, DSA-4396-1, FEDORA-2018-1a6e6196b9, openSUSE-SU-2019:0238-1, RHSA-2018:1948-01, RHSA-2018:1949-01, VIGILANCE-VUL-26459.

Description of the vulnerability

An attacker can bypass access restrictions to data via Failed Tasks Log of Ansible Core, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2017-7550

Ansible: information disclosure via Jenkins_plugin Password Params

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Jenkins_plugin Password Params of Ansible, in order to obtain sensitive information.
Impacted products: Ansible Core, Fedora, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 20/10/2017.
Identifiers: CVE-2017-7550, FEDORA-2017-008017c9fe, FEDORA-2017-8bf1b0c692, openSUSE-SU-2017:2976-1, openSUSE-SU-2017:2978-1, RHSA-2017:2966-01, VIGILANCE-VUL-24190.

Description of the vulnerability

An attacker can bypass access restrictions to data via Jenkins_plugin Password Params of Ansible, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2017-7481

Ansible Core: use of unvalidated data

Synthesis of the vulnerability

An attacker can tamper with the environment variable ninja2 as used by Ansible Core, in order to bypass some input checks and maybe run arbitrary code.
Impacted products: Ansible Core, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 10/05/2017.
Identifiers: CVE-2017-7481, FEDORA-2017-49c0ac5ce7, FEDORA-2017-6aff7475b7, FEDORA-2017-87a64155eb, openSUSE-SU-2017:2976-1, openSUSE-SU-2017:2978-1, openSUSE-SU-2019:0238-1, VIGILANCE-VUL-22698.

Description of the vulnerability

An attacker can tamper with the environment variable ninja2 as used by Ansible Core, in order to bypass some input checks and maybe run arbitrary code.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Ansible Core: