usn-7330-1
Vulnerability from osv_ubuntu
Published
2025-03-05 20:26
Modified
2026-06-25 10:46
Summary
ansible vulnerabilities
Details

It was discovered that Ansible did not properly verify certain fields of X.509 certificates. An attacker could possibly use this issue to spoof SSL servers if they were able to intercept network communications. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-3908)

Martin Carpenter discovered that certain connection plugins for Ansible did not properly restrict users. An attacker with local access could possibly use this issue to escape a restricted environment via symbolic links misuse. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-6240)

Robin Schneider discovered that Ansible's apt_key module did not properly verify key fingerprints. A remote attacker could possibly use this issue to perform key injection, leading to the access of sensitive information. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-8614)

It was discovered that Ansible would expose passwords in certain instances. An attacker could possibly use specially crafted input related to this issue to access sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-10206)

It was discovered that Ansible incorrectly logged sensitive information. An attacker with local access could possibly use this issue to access sensitive information. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. (CVE-2019-14846)

It was discovered that Ansible's solaris_zone module accepted input without performing input checking. A remote attacker could possibly use this issue to enable the execution of arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-14904)

It was discovered that Ansible did not generate sufficiently random values, which could lead to the exposure of passwords. An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2020-10729)

It was discovered that Ansible's svn module could disclose passwords to users within the same node. An attacker could possibly use this issue to access sensitive information. (CVE-2020-1739)


{
  "affected": [
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2015-3908",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-6240",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-8614",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2019-14846",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-1739",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:Pro:14.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro",
        "binaries": [
          {
            "binary_name": "ansible",
            "binary_version": "1.5.4+dfsg-1ubuntu0.1~esm3"
          },
          {
            "binary_name": "ansible-fireball",
            "binary_version": "1.5.4+dfsg-1ubuntu0.1~esm3"
          },
          {
            "binary_name": "ansible-node-fireball",
            "binary_version": "1.5.4+dfsg-1ubuntu0.1~esm3"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:Pro:14.04:LTS",
        "name": "ansible",
        "purl": "pkg:deb/ubuntu/ansible@1.5.4+dfsg-1ubuntu0.1~esm3?arch=source\u0026distro=esm-infra-legacy/trusty"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.5.4+dfsg-1ubuntu0.1~esm3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.1+dfsg-1",
        "1.3.4+dfsg-1",
        "1.4.0+dfsg-1",
        "1.4.1+dfsg-1",
        "1.4.3+dfsg-1",
        "1.4.4+dfsg-1",
        "1.5.4+dfsg-1",
        "1.5.4+dfsg-1ubuntu0.1~esm1",
        "1.5.4+dfsg-1ubuntu0.1~esm2"
      ]
    },
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2016-8614",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2019-10206",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2019-14846",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2019-14904",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-1739",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-10729",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:Pro:16.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
        "binaries": [
          {
            "binary_name": "ansible",
            "binary_version": "2.0.0.2-2ubuntu1.3+esm5"
          },
          {
            "binary_name": "ansible-fireball",
            "binary_version": "2.0.0.2-2ubuntu1.3+esm5"
          },
          {
            "binary_name": "ansible-node-fireball",
            "binary_version": "2.0.0.2-2ubuntu1.3+esm5"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:Pro:16.04:LTS",
        "name": "ansible",
        "purl": "pkg:deb/ubuntu/ansible@2.0.0.2-2ubuntu1.3+esm5?arch=source\u0026distro=esm-apps/xenial"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.0.0.2-2ubuntu1.3+esm5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.9.2+dfsg-2",
        "1.9.4-1",
        "2.0.0.2-2",
        "2.0.0.2-2ubuntu1",
        "2.0.0.2-2ubuntu1.1",
        "2.0.0.2-2ubuntu1.2",
        "2.0.0.2-2ubuntu1.3",
        "2.0.0.2-2ubuntu1.3+esm1",
        "2.0.0.2-2ubuntu1.3+esm2",
        "2.0.0.2-2ubuntu1.3+esm3",
        "2.0.0.2-2ubuntu1.3+esm4"
      ]
    },
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2019-10206",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2019-14846",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2019-14904",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-1739",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-10729",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:Pro:18.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
        "binaries": [
          {
            "binary_name": "ansible",
            "binary_version": "2.5.1+dfsg-1ubuntu0.1+esm5"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:Pro:18.04:LTS",
        "name": "ansible",
        "purl": "pkg:deb/ubuntu/ansible@2.5.1+dfsg-1ubuntu0.1+esm5?arch=source\u0026distro=esm-apps/bionic"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.5.1+dfsg-1ubuntu0.1+esm5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.3.1.0+dfsg-2",
        "2.5.0+dfsg-1",
        "2.5.1+dfsg-1",
        "2.5.1+dfsg-1ubuntu0.1",
        "2.5.1+dfsg-1ubuntu0.1+esm1",
        "2.5.1+dfsg-1ubuntu0.1+esm2",
        "2.5.1+dfsg-1ubuntu0.1+esm3",
        "2.5.1+dfsg-1ubuntu0.1+esm4"
      ]
    },
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2020-1739",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:Pro:20.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
        "binaries": [
          {
            "binary_name": "ansible",
            "binary_version": "2.9.6+dfsg-1ubuntu0.1~esm3"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:Pro:20.04:LTS",
        "name": "ansible",
        "purl": "pkg:deb/ubuntu/ansible@2.9.6+dfsg-1ubuntu0.1~esm3?arch=source\u0026distro=esm-apps/focal"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.9.6+dfsg-1ubuntu0.1~esm3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.8.3+dfsg-1",
        "2.8.6+dfsg-1",
        "2.9.2+dfsg-1",
        "2.9.4+dfsg-1",
        "2.9.6+dfsg-1",
        "2.9.6+dfsg-1ubuntu0.1~esm1",
        "2.9.6+dfsg-1ubuntu0.1~esm2"
      ]
    }
  ],
  "aliases": [],
  "details": "It was discovered that Ansible did not properly verify certain fields of\nX.509 certificates. An attacker could possibly use this issue to spoof\nSSL servers if they were able to intercept network communications. This\nissue only affected Ubuntu 14.04 LTS. (CVE-2015-3908)\n\nMartin Carpenter discovered that certain connection plugins for Ansible\ndid not properly restrict users. An attacker with local access could\npossibly use this issue to escape a restricted environment via symbolic\nlinks misuse. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-6240)\n\nRobin Schneider discovered that Ansible\u0027s apt_key module did not properly\nverify key fingerprints. A remote attacker could possibly use this issue\nto perform key injection, leading to the access of sensitive information.\nThis issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.\n(CVE-2016-8614)\n\nIt was discovered that Ansible would expose passwords in certain\ninstances. An attacker could possibly use specially crafted input related\nto this issue to access sensitive information. This issue only affected\nUbuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-10206)\n\nIt was discovered that Ansible incorrectly logged sensitive information.\nAn attacker with local access could possibly use this issue to access\nsensitive information. This issue only affected Ubuntu 14.04 LTS, Ubuntu\n16.04 LTS, and Ubuntu 18.04 LTS. (CVE-2019-14846)\n\nIt was discovered that Ansible\u0027s solaris_zone module accepted input without\nperforming input checking. A remote attacker could possibly use this issue\nto enable the execution of arbitrary code. This issue only affected Ubuntu\n16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-14904)\n\nIt was discovered that Ansible did not generate sufficiently random values,\nwhich could lead to the exposure of passwords. An attacker could possibly\nuse this issue to access sensitive information. This issue only affected\nUbuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2020-10729)\n\nIt was discovered that Ansible\u0027s svn module could disclose passwords to\nusers within the same node. An attacker could possibly use this issue to\naccess sensitive information. (CVE-2020-1739)\n",
  "id": "USN-7330-1",
  "modified": "2026-06-25T10:46:41Z",
  "published": "2025-03-05T20:26:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://ubuntu.com/security/notices/USN-7330-1"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-3908"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-6240"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-8614"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2019-10206"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2019-14846"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2019-14904"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-1739"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-10729"
    }
  ],
  "related": [],
  "schema_version": "1.7.0",
  "summary": "ansible vulnerabilities",
  "upstream": [
    "UBUNTU-CVE-2015-3908",
    "UBUNTU-CVE-2015-6240",
    "UBUNTU-CVE-2016-8614",
    "UBUNTU-CVE-2019-10206",
    "UBUNTU-CVE-2019-14846",
    "UBUNTU-CVE-2019-14904",
    "UBUNTU-CVE-2020-1739",
    "UBUNTU-CVE-2020-10729"
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…