| Max CVSS | 7.2 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2019-10156 | 5.5 |
A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable su
|
19-04-2022 - 15:36 | 30-07-2019 - 23:15 | |
| CVE-2018-10875 | 4.6 |
A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.
|
04-08-2021 - 17:14 | 13-07-2018 - 22:29 | |
| CVE-2015-6240 | 7.2 |
The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack.
|
16-09-2019 - 15:15 | 07-06-2017 - 20:29 | |
| CVE-2015-3908 | 4.3 |
Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary val
|
16-09-2019 - 15:15 | 12-08-2015 - 14:59 |