Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-10855 (GCVE-0-2018-10855)
Vulnerability from cvelistv5 – Published: 2018-07-02 18:00 – Updated: 2024-08-05 07:46
VLAI?
EPSS
Summary
Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.
Severity ?
5.9 (Medium)
CWE
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:46:47.397Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:1949",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1949"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10855"
},
{
"name": "RHBA-2018:3788",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHBA-2018:3788"
},
{
"name": "RHSA-2018:1948",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1948"
},
{
"name": "RHSA-2018:2184",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2184"
},
{
"name": "RHSA-2018:2022",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2022"
},
{
"name": "RHSA-2019:0054",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0054"
},
{
"name": "RHSA-2018:2079",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2079"
},
{
"name": "RHSA-2018:2585",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2585"
},
{
"name": "DSA-4396",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4396"
},
{
"name": "USN-4072-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4072-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ansible",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "Ansible 2.4.5"
},
{
"status": "affected",
"version": "Ansible 2.5.5"
}
]
}
],
"datePublic": "2018-06-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-25T01:06:04",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2018:1949",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1949"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10855"
},
{
"name": "RHBA-2018:3788",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHBA-2018:3788"
},
{
"name": "RHSA-2018:1948",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1948"
},
{
"name": "RHSA-2018:2184",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2184"
},
{
"name": "RHSA-2018:2022",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2022"
},
{
"name": "RHSA-2019:0054",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0054"
},
{
"name": "RHSA-2018:2079",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2079"
},
{
"name": "RHSA-2018:2585",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2585"
},
{
"name": "DSA-4396",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4396"
},
{
"name": "USN-4072-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4072-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-10855",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ansible",
"version": {
"version_data": [
{
"version_value": "Ansible 2.4.5"
},
{
"version_value": "Ansible 2.5.5"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:1949",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1949"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10855",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10855"
},
{
"name": "RHBA-2018:3788",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHBA-2018:3788"
},
{
"name": "RHSA-2018:1948",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1948"
},
{
"name": "RHSA-2018:2184",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2184"
},
{
"name": "RHSA-2018:2022",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2022"
},
{
"name": "RHSA-2019:0054",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0054"
},
{
"name": "RHSA-2018:2079",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2079"
},
{
"name": "RHSA-2018:2585",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2585"
},
{
"name": "DSA-4396",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4396"
},
{
"name": "USN-4072-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4072-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-10855",
"datePublished": "2018-07-02T18:00:00",
"dateReserved": "2018-05-09T00:00:00",
"dateUpdated": "2024-08-05T07:46:47.397Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:ansible_engine:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.4\", \"versionEndExcluding\": \"2.4.5\", \"matchCriteriaId\": \"9B1CF308-19C7-4007-A72F-44F68C36B22A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:ansible_engine:*:*:*:*:*:*:*:*\", \"versionStartExcluding\": \"2.5\", \"versionEndIncluding\": \"2.5.5\", \"matchCriteriaId\": \"725395D6-82FA-47E1-A88D-F25B576E4B91\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:ansible_engine:2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8989CD03-49A1-4831-BF98-9F21592788BE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:cloudforms:4.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"67F7263F-113D-4BAE-B8CB-86A61531A2AC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"704CFA1A-953E-4105-BFBE-406034B83DED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6BBD7A51-0590-4DDF-8249-5AFA8D645CB6\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E722FEF7-58A6-47AD-B1D0-DB0B71B0C7AA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4D4AC996-B340-4A14-86F7-FF83B4D5EC8F\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CD783B0C-9246-47D9-A937-6144FE8BFF0F\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.\"}, {\"lang\": \"es\", \"value\": \"Ansible, en versiones 2.5 anteriores a la 2.5.5 y 2.4 anteriores a la 2.4.5, no cumplen con la marca de tarea no_log para las tareas fallidas. Cuando se ha empleado la marca no_log para proteger datos sensibles que se pasan a una tarea desde que se registra y esa tarea no se ejecuta con \\u00e9xito, Ansible mostrar\\u00e1 datos sensibles en archivos de registro y en el terminal del usuario que ejecuta Ansible.\"}]",
"id": "CVE-2018-10855",
"lastModified": "2024-11-21T03:42:08.980",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 3.6}], \"cvssMetricV30\": [{\"source\": \"secalert@redhat.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2018-07-03T01:29:00.580",
"references": "[{\"url\": \"https://access.redhat.com/errata/RHBA-2018:3788\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1948\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1949\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2022\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2079\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2184\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2585\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:0054\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10855\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/4072-1/\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2019/dsa-4396\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHBA-2018:3788\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1948\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1949\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2022\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2079\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2184\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2585\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:0054\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10855\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/4072-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2019/dsa-4396\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"secalert@redhat.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-532\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-532\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-10855\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2018-07-03T01:29:00.580\",\"lastModified\":\"2024-11-21T03:42:08.980\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.\"},{\"lang\":\"es\",\"value\":\"Ansible, en versiones 2.5 anteriores a la 2.5.5 y 2.4 anteriores a la 2.4.5, no cumplen con la marca de tarea no_log para las tareas fallidas. Cuando se ha empleado la marca no_log para proteger datos sensibles que se pasan a una tarea desde que se registra y esa tarea no se ejecuta con \u00e9xito, Ansible mostrar\u00e1 datos sensibles en archivos de registro y en el terminal del usuario que ejecuta Ansible.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV30\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-532\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-532\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:ansible_engine:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.4\",\"versionEndExcluding\":\"2.4.5\",\"matchCriteriaId\":\"9B1CF308-19C7-4007-A72F-44F68C36B22A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:ansible_engine:*:*:*:*:*:*:*:*\",\"versionStartExcluding\":\"2.5\",\"versionEndIncluding\":\"2.5.5\",\"matchCriteriaId\":\"725395D6-82FA-47E1-A88D-F25B576E4B91\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:ansible_engine:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8989CD03-49A1-4831-BF98-9F21592788BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:cloudforms:4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67F7263F-113D-4BAE-B8CB-86A61531A2AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"704CFA1A-953E-4105-BFBE-406034B83DED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BBD7A51-0590-4DDF-8249-5AFA8D645CB6\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E722FEF7-58A6-47AD-B1D0-DB0B71B0C7AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D4AC996-B340-4A14-86F7-FF83B4D5EC8F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD783B0C-9246-47D9-A937-6144FE8BFF0F\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHBA-2018:3788\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1948\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1949\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2022\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2079\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2184\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2585\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0054\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10855\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4072-1/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2019/dsa-4396\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHBA-2018:3788\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1948\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1949\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2022\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2079\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2184\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2585\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0054\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10855\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4072-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2019/dsa-4396\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
RHBA-2018:3788
Vulnerability from csaf_redhat - Published: 2018-12-05 19:01 - Updated: 2025-11-21 17:21Summary
Red Hat Bug Fix Advisory: Red Hat OpenStack Platform 12 Bug Fix and Enhancement Advisory
Notes
Topic
Updated packages that resolve various issues are now available for Red Hat
OpenStack Platform 12.0 (Pike) for RHEL 7.
Details
Red Hat OpenStack Platform provides the facilities for building, deploying
and monitoring a private or public infrastructure-as-a-service (IaaS) cloud
running on commonly available physical hardware.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated packages that resolve various issues are now available for Red Hat\nOpenStack Platform 12.0 (Pike) for RHEL 7.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenStack Platform provides the facilities for building, deploying\nand monitoring a private or public infrastructure-as-a-service (IaaS) cloud\nrunning on commonly available physical hardware.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2018:3788",
"url": "https://access.redhat.com/errata/RHBA-2018:3788"
},
{
"category": "external",
"summary": "1568591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1568591"
},
{
"category": "external",
"summary": "1644801",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644801"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhba-2018_3788.json"
}
],
"title": "Red Hat Bug Fix Advisory: Red Hat OpenStack Platform 12 Bug Fix and Enhancement Advisory",
"tracking": {
"current_release_date": "2025-11-21T17:21:48+00:00",
"generator": {
"date": "2025-11-21T17:21:48+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHBA-2018:3788",
"initial_release_date": "2018-12-05T19:01:13+00:00",
"revision_history": [
{
"date": "2018-12-05T19:01:13+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-12-05T19:01:13+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:21:48+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenStack Platform 12.0",
"product": {
"name": "Red Hat OpenStack Platform 12.0",
"product_id": "7Server-RH7-RHOS-12.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:12::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-0:2.4.6.0-1.el7ae.src",
"product": {
"name": "ansible-0:2.4.6.0-1.el7ae.src",
"product_id": "ansible-0:2.4.6.0-1.el7ae.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible@2.4.6.0-1.el7ae?arch=src"
}
}
},
{
"category": "product_version",
"name": "ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src",
"product": {
"name": "ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src",
"product_id": "ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-role-redhat-subscription@1.0.1-4.el7ost?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-0:2.4.6.0-1.el7ae.noarch",
"product": {
"name": "ansible-0:2.4.6.0-1.el7ae.noarch",
"product_id": "ansible-0:2.4.6.0-1.el7ae.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible@2.4.6.0-1.el7ae?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch",
"product": {
"name": "ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch",
"product_id": "ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-role-redhat-subscription@1.0.1-4.el7ost?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-0:2.4.6.0-1.el7ae.noarch as a component of Red Hat OpenStack Platform 12.0",
"product_id": "7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.noarch"
},
"product_reference": "ansible-0:2.4.6.0-1.el7ae.noarch",
"relates_to_product_reference": "7Server-RH7-RHOS-12.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-0:2.4.6.0-1.el7ae.src as a component of Red Hat OpenStack Platform 12.0",
"product_id": "7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.src"
},
"product_reference": "ansible-0:2.4.6.0-1.el7ae.src",
"relates_to_product_reference": "7Server-RH7-RHOS-12.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch as a component of Red Hat OpenStack Platform 12.0",
"product_id": "7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch"
},
"product_reference": "ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch",
"relates_to_product_reference": "7Server-RH7-RHOS-12.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src as a component of Red Hat OpenStack Platform 12.0",
"product_id": "7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src"
},
"product_reference": "ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src",
"relates_to_product_reference": "7Server-RH7-RHOS-12.0"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Tobias Henkel"
],
"organization": "BMW Car IT GmbH"
}
],
"cve": "CVE-2018-10855",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"discovery_date": "2018-06-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1588855"
}
],
"notes": [
{
"category": "description",
"text": "Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Gluster Storage 3 and Red Hat Ceph Storage 3 ships the affected version of ansible, but they no longer maintain their own version of ansible. Both the products will consume fixes directly from ansible repository.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.src",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10855"
},
{
"category": "external",
"summary": "RHBZ#1588855",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588855"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10855",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10855"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10855",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10855"
},
{
"category": "external",
"summary": "https://github.com/ansible/ansible/pull/41414",
"url": "https://github.com/ansible/ansible/pull/41414"
}
],
"release_date": "2018-06-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-12-05T19:01:13+00:00",
"details": "Before applying this update, ensure all previously released errata relevant\nto your system have been applied.\n\nRed Hat OpenStack Platform 12 runs on Red Hat Enterprise Linux 7.5.\n\nThe Red Hat OpenStack Platform 12 Release Notes contain the following:\n* An explanation of the way in which the provided components interact to\nform a working cloud computing environment.\n* Technology Previews, Recommended Practices, and Known Issues.\n* The channels required for Red Hat OpenStack Platform 12, including which\nchannels need to be enabled and disabled.\n\nThe Release Notes are available at:\nhttps://access.redhat.com/documentation/en-us/red_hat_openstack_platform/12/html/release_notes/\n\nThis update is available through \u0027yum update\u0027 on systems registered through\nRed Hat Subscription Manager. For more information about Red Hat\nSubscription Manager, see:\n\nhttps://access.redhat.com/documentation/en-US/Red_Hat_Subscription_Management/1/html/RHSM/index.html",
"product_ids": [
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.src",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2018:3788"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.src",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs"
},
{
"acknowledgments": [
{
"names": [
"Michael Scherer"
],
"organization": "OSAS"
}
],
"cve": "CVE-2018-10874",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-06-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1596528"
}
],
"notes": [
{
"category": "description",
"text": "In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker\u0027s control, allowing to run arbitrary code as a result.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Gluster Storage 3 and Red Hat Ceph Storage 3 ships the affected version of ansible, but they no longer maintain their own version of ansible. Both the products will consume fixes directly from ansible repository.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.src",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10874"
},
{
"category": "external",
"summary": "RHBZ#1596528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10874",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10874"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10874",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10874"
}
],
"release_date": "2018-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-12-05T19:01:13+00:00",
"details": "Before applying this update, ensure all previously released errata relevant\nto your system have been applied.\n\nRed Hat OpenStack Platform 12 runs on Red Hat Enterprise Linux 7.5.\n\nThe Red Hat OpenStack Platform 12 Release Notes contain the following:\n* An explanation of the way in which the provided components interact to\nform a working cloud computing environment.\n* Technology Previews, Recommended Practices, and Known Issues.\n* The channels required for Red Hat OpenStack Platform 12, including which\nchannels need to be enabled and disabled.\n\nThe Release Notes are available at:\nhttps://access.redhat.com/documentation/en-us/red_hat_openstack_platform/12/html/release_notes/\n\nThis update is available through \u0027yum update\u0027 on systems registered through\nRed Hat Subscription Manager. For more information about Red Hat\nSubscription Manager, see:\n\nhttps://access.redhat.com/documentation/en-US/Red_Hat_Subscription_Management/1/html/RHSM/index.html",
"product_ids": [
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.src",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2018:3788"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.src",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution"
},
{
"acknowledgments": [
{
"names": [
"Brian Coca"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2018-10875",
"cwe": {
"id": "CWE-426",
"name": "Untrusted Search Path"
},
"discovery_date": "2018-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1596533"
}
],
"notes": [
{
"category": "description",
"text": "It was found that ansible.cfg is being read from the current working directory, which can be made to point to plugin or module paths that are under control of the attacker. This could allow an attacker to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: ansible.cfg is being read from current working directory allowing possible code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Gluster Storage 3 and Red Hat Ceph Storage 3 ships the affected version of ansible, but they no longer maintain their own version of ansible. Both the products will consume fixes directly from ansible repository.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.src",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10875"
},
{
"category": "external",
"summary": "RHBZ#1596533",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596533"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10875",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10875"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10875",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10875"
}
],
"release_date": "2018-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-12-05T19:01:13+00:00",
"details": "Before applying this update, ensure all previously released errata relevant\nto your system have been applied.\n\nRed Hat OpenStack Platform 12 runs on Red Hat Enterprise Linux 7.5.\n\nThe Red Hat OpenStack Platform 12 Release Notes contain the following:\n* An explanation of the way in which the provided components interact to\nform a working cloud computing environment.\n* Technology Previews, Recommended Practices, and Known Issues.\n* The channels required for Red Hat OpenStack Platform 12, including which\nchannels need to be enabled and disabled.\n\nThe Release Notes are available at:\nhttps://access.redhat.com/documentation/en-us/red_hat_openstack_platform/12/html/release_notes/\n\nThis update is available through \u0027yum update\u0027 on systems registered through\nRed Hat Subscription Manager. For more information about Red Hat\nSubscription Manager, see:\n\nhttps://access.redhat.com/documentation/en-US/Red_Hat_Subscription_Management/1/html/RHSM/index.html",
"product_ids": [
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.src",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2018:3788"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.src",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ansible: ansible.cfg is being read from current working directory allowing possible code execution"
}
]
}
RHSA-2018:2079
Vulnerability from csaf_redhat - Published: 2018-06-28 05:21 - Updated: 2025-11-21 18:05Summary
Red Hat Security Advisory: Red Hat Virtualization security, bug fix, and enhancement update
Notes
Topic
Updated redhat-virtualization-host packages that fix several bugs and add various enhancements are now available.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
The following packages have been upgraded to a later upstream version: imgbased (1.0.20), redhat-release-virtualization-host (4.2), redhat-virtualization-host (4.2). (BZ#1590664)
Security Fix(es):
* ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs (CVE-2018-10855)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank Tobias Henkel (BMW Car IT GmbH) for reporting this issue.
Bug Fix(es):
* Previously, if systems were configured to skip Logical Volume Manager (LVM) clusters, imgbased sees output that is unrelated to the Logical Volumes that are being queried.
As a result, imgbased failed to parse the output, causing Red Hat Virtualization Host updates to fail.
In this release imgbased now ignores output from skipped clusters enabling imgbased LVM commands to return successfully. (BZ#1568414)
Enhancement(s):
* Starting from version 4.0, Red Hat Virtualization Hosts could not be deployed from Satellite, and therefore could not take advantage of Satellite's tooling features.
In this release, Red Hat Virtualization Hosts can now be deployed from Satellite 6.3.2 and later. (BZ#1484532)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated redhat-virtualization-host packages that fix several bugs and add various enhancements are now available.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host\u0027s resources and performing administrative tasks.\n\nThe ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host\u0027s resources and performing administrative tasks.\n\nThe following packages have been upgraded to a later upstream version: imgbased (1.0.20), redhat-release-virtualization-host (4.2), redhat-virtualization-host (4.2). (BZ#1590664)\n\nSecurity Fix(es):\n\n* ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs (CVE-2018-10855)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Tobias Henkel (BMW Car IT GmbH) for reporting this issue.\n\nBug Fix(es):\n\n* Previously, if systems were configured to skip Logical Volume Manager (LVM) clusters, imgbased sees output that is unrelated to the Logical Volumes that are being queried.\n\nAs a result, imgbased failed to parse the output, causing Red Hat Virtualization Host updates to fail.\n\nIn this release imgbased now ignores output from skipped clusters enabling imgbased LVM commands to return successfully. (BZ#1568414)\n\nEnhancement(s):\n\n* Starting from version 4.0, Red Hat Virtualization Hosts could not be deployed from Satellite, and therefore could not take advantage of Satellite\u0027s tooling features.\n\nIn this release, Red Hat Virtualization Hosts can now be deployed from Satellite 6.3.2 and later. (BZ#1484532)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:2079",
"url": "https://access.redhat.com/errata/RHSA-2018:2079"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1484532",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484532"
},
{
"category": "external",
"summary": "1534197",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1534197"
},
{
"category": "external",
"summary": "1568414",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1568414"
},
{
"category": "external",
"summary": "1588855",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588855"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2079.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Virtualization security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2025-11-21T18:05:24+00:00",
"generator": {
"date": "2025-11-21T18:05:24+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2018:2079",
"initial_release_date": "2018-06-28T05:21:07+00:00",
"revision_history": [
{
"date": "2018-06-28T05:21:07+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-06-28T05:21:07+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:05:24+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product": {
"name": "RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor"
}
}
},
{
"category": "product_name",
"name": "Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product": {
"name": "Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product_id": "7Server-RHEV-4-Hypervisor-7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor"
}
}
}
],
"category": "product_family",
"name": "Red Hat Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "redhat-virtualization-host-image-update-placeholder-0:4.2-4.3.el7.noarch",
"product": {
"name": "redhat-virtualization-host-image-update-placeholder-0:4.2-4.3.el7.noarch",
"product_id": "redhat-virtualization-host-image-update-placeholder-0:4.2-4.3.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-virtualization-host-image-update-placeholder@4.2-4.3.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python-imgbased-0:1.0.20-0.1.el7ev.noarch",
"product": {
"name": "python-imgbased-0:1.0.20-0.1.el7ev.noarch",
"product_id": "python-imgbased-0:1.0.20-0.1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-imgbased@1.0.20-0.1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "imgbased-0:1.0.20-0.1.el7ev.noarch",
"product": {
"name": "imgbased-0:1.0.20-0.1.el7ev.noarch",
"product_id": "imgbased-0:1.0.20-0.1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/imgbased@1.0.20-0.1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "redhat-virtualization-host-image-update-0:4.2-20180622.0.el7_5.noarch",
"product": {
"name": "redhat-virtualization-host-image-update-0:4.2-20180622.0.el7_5.noarch",
"product_id": "redhat-virtualization-host-image-update-0:4.2-20180622.0.el7_5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-virtualization-host-image-update@4.2-20180622.0.el7_5?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "redhat-release-virtualization-host-0:4.2-4.3.el7.x86_64",
"product": {
"name": "redhat-release-virtualization-host-0:4.2-4.3.el7.x86_64",
"product_id": "redhat-release-virtualization-host-0:4.2-4.3.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-release-virtualization-host@4.2-4.3.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "redhat-release-virtualization-host-0:4.2-4.3.el7.src",
"product": {
"name": "redhat-release-virtualization-host-0:4.2-4.3.el7.src",
"product_id": "redhat-release-virtualization-host-0:4.2-4.3.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-release-virtualization-host@4.2-4.3.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "imgbased-0:1.0.20-0.1.el7ev.src",
"product": {
"name": "imgbased-0:1.0.20-0.1.el7ev.src",
"product_id": "imgbased-0:1.0.20-0.1.el7ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/imgbased@1.0.20-0.1.el7ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "redhat-virtualization-host-0:4.2-20180622.0.el7_5.src",
"product": {
"name": "redhat-virtualization-host-0:4.2-20180622.0.el7_5.src",
"product_id": "redhat-virtualization-host-0:4.2-20180622.0.el7_5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-virtualization-host@4.2-20180622.0.el7_5?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-virtualization-host-0:4.2-20180622.0.el7_5.src as a component of Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product_id": "7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.2-20180622.0.el7_5.src"
},
"product_reference": "redhat-virtualization-host-0:4.2-20180622.0.el7_5.src",
"relates_to_product_reference": "7Server-RHEV-4-Hypervisor-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-virtualization-host-image-update-0:4.2-20180622.0.el7_5.noarch as a component of Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product_id": "7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.2-20180622.0.el7_5.noarch"
},
"product_reference": "redhat-virtualization-host-image-update-0:4.2-20180622.0.el7_5.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Hypervisor-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "imgbased-0:1.0.20-0.1.el7ev.noarch as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.0.20-0.1.el7ev.noarch"
},
"product_reference": "imgbased-0:1.0.20-0.1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "imgbased-0:1.0.20-0.1.el7ev.src as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.0.20-0.1.el7ev.src"
},
"product_reference": "imgbased-0:1.0.20-0.1.el7ev.src",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-imgbased-0:1.0.20-0.1.el7ev.noarch as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.0.20-0.1.el7ev.noarch"
},
"product_reference": "python-imgbased-0:1.0.20-0.1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-release-virtualization-host-0:4.2-4.3.el7.src as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-4.3.el7.src"
},
"product_reference": "redhat-release-virtualization-host-0:4.2-4.3.el7.src",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-release-virtualization-host-0:4.2-4.3.el7.x86_64 as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-4.3.el7.x86_64"
},
"product_reference": "redhat-release-virtualization-host-0:4.2-4.3.el7.x86_64",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-virtualization-host-image-update-placeholder-0:4.2-4.3.el7.noarch as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.2-4.3.el7.noarch"
},
"product_reference": "redhat-virtualization-host-image-update-placeholder-0:4.2-4.3.el7.noarch",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Tobias Henkel"
],
"organization": "BMW Car IT GmbH"
}
],
"cve": "CVE-2018-10855",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"discovery_date": "2018-06-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1588855"
}
],
"notes": [
{
"category": "description",
"text": "Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Gluster Storage 3 and Red Hat Ceph Storage 3 ships the affected version of ansible, but they no longer maintain their own version of ansible. Both the products will consume fixes directly from ansible repository.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.2-20180622.0.el7_5.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.2-20180622.0.el7_5.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.0.20-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.0.20-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.0.20-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-4.3.el7.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-4.3.el7.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.2-4.3.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10855"
},
{
"category": "external",
"summary": "RHBZ#1588855",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588855"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10855",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10855"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10855",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10855"
},
{
"category": "external",
"summary": "https://github.com/ansible/ansible/pull/41414",
"url": "https://github.com/ansible/ansible/pull/41414"
}
],
"release_date": "2018-06-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-06-28T05:21:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.2-20180622.0.el7_5.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.2-20180622.0.el7_5.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.0.20-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.0.20-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.0.20-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-4.3.el7.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-4.3.el7.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.2-4.3.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2079"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.2-20180622.0.el7_5.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.2-20180622.0.el7_5.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.0.20-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.0.20-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.0.20-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-4.3.el7.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-4.3.el7.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.2-4.3.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs"
}
]
}
RHSA-2018_1948
Vulnerability from csaf_redhat - Published: 2018-06-19 19:27 - Updated: 2024-11-14 23:43Summary
Red Hat Security Advisory: ansible security and bug fix update
Notes
Topic
An update for ansible is now available for Red Hat Ansible Engine 2 for RHEL 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.
The following packages have been upgraded to a newer upstream version: ansible (2.5.5)
Security fix(es):
* ansible: Ansible through version 2.5 does not properly honour the no_log option with failed task iterations. When a list of secret items is supplied to a task and a task iteration fails, secrets can be disclosed in logs despite the no_log option being enabled. (CVE-2018-10855)
Red Hat would like to thank Tobias Henkel (BMW Car IT GmbH) for
reporting these issues.
Bug Fix(es):
* Changed the admin_users config option to not include "admin" by default
as admin is frequently used for a non-privileged account
(https://github.com/ansible/ansible/pull/41164)
* aws_s3 - add async support to the action plugin
(https://github.com/ansible/ansible/pull/40826)
* aws_s3 - fix decrypting vault files
(https://github.com/ansible/ansible/pull/39634)
* ec2_ami - cast the device_mapping volume size to an int
(https://github.com/ansible/ansible/pull/40938)
* eos_logging - fix idempotency issues
(https://github.com/ansible/ansible/pull/40604)
* cache plugins - a cache timeout of 0 means the cache will not expire.
* ios_logging - fix idempotency issues
(https://github.com/ansible/ansible/pull/41029)
* ios/nxos/eos_config - don't retrieve config in running_config when config
is provided for diff (https://github.com/ansible/ansible/pull/41400)
* nxos_banner - fix multiline banner issue
(https://github.com/ansible/ansible/pull/41026).
* nxos terminal plugin - fix output truncation
(https://github.com/ansible/ansible/pull/40960)
* nxos_l3_interface - fix no switchport issue with loopback and svi
interfaces (https://github.com/ansible/ansible/pull/37392).
* nxos_snapshot - fix compare_option
(https://github.com/ansible/ansible/pull/41386)
See
https://github.com/ansible/ansible/blob/v2.5.5/changelogs/CHANGELOG-v2.5.rst
for details on this release.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for ansible is now available for Red Hat Ansible Engine 2 for RHEL 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.\n\nThe following packages have been upgraded to a newer upstream version: ansible (2.5.5)\n\nSecurity fix(es):\n\n* ansible: Ansible through version 2.5 does not properly honour the no_log option with failed task iterations. When a list of secret items is supplied to a task and a task iteration fails, secrets can be disclosed in logs despite the no_log option being enabled. (CVE-2018-10855)\n\nRed Hat would like to thank Tobias Henkel (BMW Car IT GmbH) for\nreporting these issues.\n\nBug Fix(es):\n\n* Changed the admin_users config option to not include \"admin\" by default\nas admin is frequently used for a non-privileged account\n(https://github.com/ansible/ansible/pull/41164)\n\n* aws_s3 - add async support to the action plugin\n(https://github.com/ansible/ansible/pull/40826)\n\n* aws_s3 - fix decrypting vault files\n(https://github.com/ansible/ansible/pull/39634)\n\n* ec2_ami - cast the device_mapping volume size to an int\n(https://github.com/ansible/ansible/pull/40938)\n\n* eos_logging - fix idempotency issues\n(https://github.com/ansible/ansible/pull/40604)\n\n* cache plugins - a cache timeout of 0 means the cache will not expire.\n\n* ios_logging - fix idempotency issues\n(https://github.com/ansible/ansible/pull/41029)\n\n* ios/nxos/eos_config - don\u0027t retrieve config in running_config when config\nis provided for diff (https://github.com/ansible/ansible/pull/41400)\n\n* nxos_banner - fix multiline banner issue\n(https://github.com/ansible/ansible/pull/41026).\n\n* nxos terminal plugin - fix output truncation\n(https://github.com/ansible/ansible/pull/40960)\n\n* nxos_l3_interface - fix no switchport issue with loopback and svi\ninterfaces (https://github.com/ansible/ansible/pull/37392).\n\n* nxos_snapshot - fix compare_option\n(https://github.com/ansible/ansible/pull/41386)\n\nSee\nhttps://github.com/ansible/ansible/blob/v2.5.5/changelogs/CHANGELOG-v2.5.rst\nfor details on this release.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:1948",
"url": "https://access.redhat.com/errata/RHSA-2018:1948"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1588855",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588855"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_1948.json"
}
],
"title": "Red Hat Security Advisory: ansible security and bug fix update",
"tracking": {
"current_release_date": "2024-11-14T23:43:49+00:00",
"generator": {
"date": "2024-11-14T23:43:49+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2018:1948",
"initial_release_date": "2018-06-19T19:27:11+00:00",
"revision_history": [
{
"date": "2018-06-19T19:27:11+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-06-19T19:27:11+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T23:43:49+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ansible Engine 2 for RHEL 7",
"product": {
"name": "Red Hat Ansible Engine 2 for RHEL 7",
"product_id": "7Server-Ansible-2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_engine:2::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ansible Engine"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-doc-0:2.5.5-1.el7ae.noarch",
"product": {
"name": "ansible-doc-0:2.5.5-1.el7ae.noarch",
"product_id": "ansible-doc-0:2.5.5-1.el7ae.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-doc@2.5.5-1.el7ae?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ansible-0:2.5.5-1.el7ae.noarch",
"product": {
"name": "ansible-0:2.5.5-1.el7ae.noarch",
"product_id": "ansible-0:2.5.5-1.el7ae.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible@2.5.5-1.el7ae?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-0:2.5.5-1.el7ae.src",
"product": {
"name": "ansible-0:2.5.5-1.el7ae.src",
"product_id": "ansible-0:2.5.5-1.el7ae.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible@2.5.5-1.el7ae?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-0:2.5.5-1.el7ae.noarch as a component of Red Hat Ansible Engine 2 for RHEL 7",
"product_id": "7Server-Ansible-2:ansible-0:2.5.5-1.el7ae.noarch"
},
"product_reference": "ansible-0:2.5.5-1.el7ae.noarch",
"relates_to_product_reference": "7Server-Ansible-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-0:2.5.5-1.el7ae.src as a component of Red Hat Ansible Engine 2 for RHEL 7",
"product_id": "7Server-Ansible-2:ansible-0:2.5.5-1.el7ae.src"
},
"product_reference": "ansible-0:2.5.5-1.el7ae.src",
"relates_to_product_reference": "7Server-Ansible-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-doc-0:2.5.5-1.el7ae.noarch as a component of Red Hat Ansible Engine 2 for RHEL 7",
"product_id": "7Server-Ansible-2:ansible-doc-0:2.5.5-1.el7ae.noarch"
},
"product_reference": "ansible-doc-0:2.5.5-1.el7ae.noarch",
"relates_to_product_reference": "7Server-Ansible-2"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Tobias Henkel"
],
"organization": "BMW Car IT GmbH"
}
],
"cve": "CVE-2018-10855",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"discovery_date": "2018-06-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1588855"
}
],
"notes": [
{
"category": "description",
"text": "Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Gluster Storage 3 and Red Hat Ceph Storage 3 ships the affected version of ansible, but they no longer maintain their own version of ansible. Both the products will consume fixes directly from ansible repository.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-2:ansible-0:2.5.5-1.el7ae.noarch",
"7Server-Ansible-2:ansible-0:2.5.5-1.el7ae.src",
"7Server-Ansible-2:ansible-doc-0:2.5.5-1.el7ae.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10855"
},
{
"category": "external",
"summary": "RHBZ#1588855",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588855"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10855",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10855"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10855",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10855"
},
{
"category": "external",
"summary": "https://github.com/ansible/ansible/pull/41414",
"url": "https://github.com/ansible/ansible/pull/41414"
}
],
"release_date": "2018-06-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-06-19T19:27:11+00:00",
"details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-Ansible-2:ansible-0:2.5.5-1.el7ae.noarch",
"7Server-Ansible-2:ansible-0:2.5.5-1.el7ae.src",
"7Server-Ansible-2:ansible-doc-0:2.5.5-1.el7ae.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:1948"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-Ansible-2:ansible-0:2.5.5-1.el7ae.noarch",
"7Server-Ansible-2:ansible-0:2.5.5-1.el7ae.src",
"7Server-Ansible-2:ansible-doc-0:2.5.5-1.el7ae.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs"
}
]
}
RHSA-2019_0054
Vulnerability from csaf_redhat - Published: 2019-01-16 17:11 - Updated: 2024-11-14 23:47Summary
Red Hat Security Advisory: ansible security update
Notes
Topic
An update for ansible is now available for Red Hat OpenStack Platform 10.0 (Newton).
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.
Security Fix(es):
* ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs (CVE-2018-10855)
* ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution (CVE-2018-10874)
* ansible: ansible.cfg is being read from current working directory allowing possible code execution (CVE-2018-10875)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank Tobias Henkel (BMW Car IT GmbH) for reporting CVE-2018-10855 and Michael Scherer (OSAS) for reporting CVE-2018-10874. The CVE-2018-10875 issue was discovered by Brian Coca (Red Hat).
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for ansible is now available for Red Hat OpenStack Platform 10.0 (Newton).\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.\n\nSecurity Fix(es):\n\n* ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs (CVE-2018-10855)\n\n* ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution (CVE-2018-10874)\n\n* ansible: ansible.cfg is being read from current working directory allowing possible code execution (CVE-2018-10875)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Tobias Henkel (BMW Car IT GmbH) for reporting CVE-2018-10855 and Michael Scherer (OSAS) for reporting CVE-2018-10874. The CVE-2018-10875 issue was discovered by Brian Coca (Red Hat).",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:0054",
"url": "https://access.redhat.com/errata/RHSA-2019:0054"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1588855",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588855"
},
{
"category": "external",
"summary": "1596528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596528"
},
{
"category": "external",
"summary": "1596533",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596533"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_0054.json"
}
],
"title": "Red Hat Security Advisory: ansible security update",
"tracking": {
"current_release_date": "2024-11-14T23:47:16+00:00",
"generator": {
"date": "2024-11-14T23:47:16+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2019:0054",
"initial_release_date": "2019-01-16T17:11:06+00:00",
"revision_history": [
{
"date": "2019-01-16T17:11:06+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-01-16T17:11:06+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T23:47:16+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenStack Platform 10.0",
"product": {
"name": "Red Hat OpenStack Platform 10.0",
"product_id": "7Server-RH7-RHOS-10.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:10::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-0:2.4.6.0-1.el7ae.src",
"product": {
"name": "ansible-0:2.4.6.0-1.el7ae.src",
"product_id": "ansible-0:2.4.6.0-1.el7ae.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible@2.4.6.0-1.el7ae?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-0:2.4.6.0-1.el7ae.noarch",
"product": {
"name": "ansible-0:2.4.6.0-1.el7ae.noarch",
"product_id": "ansible-0:2.4.6.0-1.el7ae.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible@2.4.6.0-1.el7ae?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-0:2.4.6.0-1.el7ae.noarch as a component of Red Hat OpenStack Platform 10.0",
"product_id": "7Server-RH7-RHOS-10.0:ansible-0:2.4.6.0-1.el7ae.noarch"
},
"product_reference": "ansible-0:2.4.6.0-1.el7ae.noarch",
"relates_to_product_reference": "7Server-RH7-RHOS-10.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-0:2.4.6.0-1.el7ae.src as a component of Red Hat OpenStack Platform 10.0",
"product_id": "7Server-RH7-RHOS-10.0:ansible-0:2.4.6.0-1.el7ae.src"
},
"product_reference": "ansible-0:2.4.6.0-1.el7ae.src",
"relates_to_product_reference": "7Server-RH7-RHOS-10.0"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Tobias Henkel"
],
"organization": "BMW Car IT GmbH"
}
],
"cve": "CVE-2018-10855",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"discovery_date": "2018-06-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1588855"
}
],
"notes": [
{
"category": "description",
"text": "Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Gluster Storage 3 and Red Hat Ceph Storage 3 ships the affected version of ansible, but they no longer maintain their own version of ansible. Both the products will consume fixes directly from ansible repository.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOS-10.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-10.0:ansible-0:2.4.6.0-1.el7ae.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10855"
},
{
"category": "external",
"summary": "RHBZ#1588855",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588855"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10855",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10855"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10855",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10855"
},
{
"category": "external",
"summary": "https://github.com/ansible/ansible/pull/41414",
"url": "https://github.com/ansible/ansible/pull/41414"
}
],
"release_date": "2018-06-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-01-16T17:11:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-RHOS-10.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-10.0:ansible-0:2.4.6.0-1.el7ae.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0054"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOS-10.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-10.0:ansible-0:2.4.6.0-1.el7ae.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs"
},
{
"acknowledgments": [
{
"names": [
"Michael Scherer"
],
"organization": "OSAS"
}
],
"cve": "CVE-2018-10874",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-06-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1596528"
}
],
"notes": [
{
"category": "description",
"text": "In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker\u0027s control, allowing to run arbitrary code as a result.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Gluster Storage 3 and Red Hat Ceph Storage 3 ships the affected version of ansible, but they no longer maintain their own version of ansible. Both the products will consume fixes directly from ansible repository.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOS-10.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-10.0:ansible-0:2.4.6.0-1.el7ae.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10874"
},
{
"category": "external",
"summary": "RHBZ#1596528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10874",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10874"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10874",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10874"
}
],
"release_date": "2018-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-01-16T17:11:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-RHOS-10.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-10.0:ansible-0:2.4.6.0-1.el7ae.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0054"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOS-10.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-10.0:ansible-0:2.4.6.0-1.el7ae.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution"
},
{
"acknowledgments": [
{
"names": [
"Brian Coca"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2018-10875",
"cwe": {
"id": "CWE-426",
"name": "Untrusted Search Path"
},
"discovery_date": "2018-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1596533"
}
],
"notes": [
{
"category": "description",
"text": "It was found that ansible.cfg is being read from the current working directory, which can be made to point to plugin or module paths that are under control of the attacker. This could allow an attacker to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: ansible.cfg is being read from current working directory allowing possible code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Gluster Storage 3 and Red Hat Ceph Storage 3 ships the affected version of ansible, but they no longer maintain their own version of ansible. Both the products will consume fixes directly from ansible repository.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOS-10.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-10.0:ansible-0:2.4.6.0-1.el7ae.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10875"
},
{
"category": "external",
"summary": "RHBZ#1596533",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596533"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10875",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10875"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10875",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10875"
}
],
"release_date": "2018-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-01-16T17:11:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-RHOS-10.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-10.0:ansible-0:2.4.6.0-1.el7ae.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0054"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOS-10.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-10.0:ansible-0:2.4.6.0-1.el7ae.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ansible: ansible.cfg is being read from current working directory allowing possible code execution"
}
]
}
RHSA-2018:1948
Vulnerability from csaf_redhat - Published: 2018-06-19 19:27 - Updated: 2025-11-21 18:05Summary
Red Hat Security Advisory: ansible security and bug fix update
Notes
Topic
An update for ansible is now available for Red Hat Ansible Engine 2 for RHEL 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.
The following packages have been upgraded to a newer upstream version: ansible (2.5.5)
Security fix(es):
* ansible: Ansible through version 2.5 does not properly honour the no_log option with failed task iterations. When a list of secret items is supplied to a task and a task iteration fails, secrets can be disclosed in logs despite the no_log option being enabled. (CVE-2018-10855)
Red Hat would like to thank Tobias Henkel (BMW Car IT GmbH) for
reporting these issues.
Bug Fix(es):
* Changed the admin_users config option to not include "admin" by default
as admin is frequently used for a non-privileged account
(https://github.com/ansible/ansible/pull/41164)
* aws_s3 - add async support to the action plugin
(https://github.com/ansible/ansible/pull/40826)
* aws_s3 - fix decrypting vault files
(https://github.com/ansible/ansible/pull/39634)
* ec2_ami - cast the device_mapping volume size to an int
(https://github.com/ansible/ansible/pull/40938)
* eos_logging - fix idempotency issues
(https://github.com/ansible/ansible/pull/40604)
* cache plugins - a cache timeout of 0 means the cache will not expire.
* ios_logging - fix idempotency issues
(https://github.com/ansible/ansible/pull/41029)
* ios/nxos/eos_config - don't retrieve config in running_config when config
is provided for diff (https://github.com/ansible/ansible/pull/41400)
* nxos_banner - fix multiline banner issue
(https://github.com/ansible/ansible/pull/41026).
* nxos terminal plugin - fix output truncation
(https://github.com/ansible/ansible/pull/40960)
* nxos_l3_interface - fix no switchport issue with loopback and svi
interfaces (https://github.com/ansible/ansible/pull/37392).
* nxos_snapshot - fix compare_option
(https://github.com/ansible/ansible/pull/41386)
See
https://github.com/ansible/ansible/blob/v2.5.5/changelogs/CHANGELOG-v2.5.rst
for details on this release.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for ansible is now available for Red Hat Ansible Engine 2 for RHEL 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.\n\nThe following packages have been upgraded to a newer upstream version: ansible (2.5.5)\n\nSecurity fix(es):\n\n* ansible: Ansible through version 2.5 does not properly honour the no_log option with failed task iterations. When a list of secret items is supplied to a task and a task iteration fails, secrets can be disclosed in logs despite the no_log option being enabled. (CVE-2018-10855)\n\nRed Hat would like to thank Tobias Henkel (BMW Car IT GmbH) for\nreporting these issues.\n\nBug Fix(es):\n\n* Changed the admin_users config option to not include \"admin\" by default\nas admin is frequently used for a non-privileged account\n(https://github.com/ansible/ansible/pull/41164)\n\n* aws_s3 - add async support to the action plugin\n(https://github.com/ansible/ansible/pull/40826)\n\n* aws_s3 - fix decrypting vault files\n(https://github.com/ansible/ansible/pull/39634)\n\n* ec2_ami - cast the device_mapping volume size to an int\n(https://github.com/ansible/ansible/pull/40938)\n\n* eos_logging - fix idempotency issues\n(https://github.com/ansible/ansible/pull/40604)\n\n* cache plugins - a cache timeout of 0 means the cache will not expire.\n\n* ios_logging - fix idempotency issues\n(https://github.com/ansible/ansible/pull/41029)\n\n* ios/nxos/eos_config - don\u0027t retrieve config in running_config when config\nis provided for diff (https://github.com/ansible/ansible/pull/41400)\n\n* nxos_banner - fix multiline banner issue\n(https://github.com/ansible/ansible/pull/41026).\n\n* nxos terminal plugin - fix output truncation\n(https://github.com/ansible/ansible/pull/40960)\n\n* nxos_l3_interface - fix no switchport issue with loopback and svi\ninterfaces (https://github.com/ansible/ansible/pull/37392).\n\n* nxos_snapshot - fix compare_option\n(https://github.com/ansible/ansible/pull/41386)\n\nSee\nhttps://github.com/ansible/ansible/blob/v2.5.5/changelogs/CHANGELOG-v2.5.rst\nfor details on this release.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:1948",
"url": "https://access.redhat.com/errata/RHSA-2018:1948"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1588855",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588855"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_1948.json"
}
],
"title": "Red Hat Security Advisory: ansible security and bug fix update",
"tracking": {
"current_release_date": "2025-11-21T18:05:14+00:00",
"generator": {
"date": "2025-11-21T18:05:14+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2018:1948",
"initial_release_date": "2018-06-19T19:27:11+00:00",
"revision_history": [
{
"date": "2018-06-19T19:27:11+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-06-19T19:27:11+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:05:14+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ansible Engine 2 for RHEL 7",
"product": {
"name": "Red Hat Ansible Engine 2 for RHEL 7",
"product_id": "7Server-Ansible-2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_engine:2::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ansible Engine"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-doc-0:2.5.5-1.el7ae.noarch",
"product": {
"name": "ansible-doc-0:2.5.5-1.el7ae.noarch",
"product_id": "ansible-doc-0:2.5.5-1.el7ae.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-doc@2.5.5-1.el7ae?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ansible-0:2.5.5-1.el7ae.noarch",
"product": {
"name": "ansible-0:2.5.5-1.el7ae.noarch",
"product_id": "ansible-0:2.5.5-1.el7ae.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible@2.5.5-1.el7ae?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-0:2.5.5-1.el7ae.src",
"product": {
"name": "ansible-0:2.5.5-1.el7ae.src",
"product_id": "ansible-0:2.5.5-1.el7ae.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible@2.5.5-1.el7ae?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-0:2.5.5-1.el7ae.noarch as a component of Red Hat Ansible Engine 2 for RHEL 7",
"product_id": "7Server-Ansible-2:ansible-0:2.5.5-1.el7ae.noarch"
},
"product_reference": "ansible-0:2.5.5-1.el7ae.noarch",
"relates_to_product_reference": "7Server-Ansible-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-0:2.5.5-1.el7ae.src as a component of Red Hat Ansible Engine 2 for RHEL 7",
"product_id": "7Server-Ansible-2:ansible-0:2.5.5-1.el7ae.src"
},
"product_reference": "ansible-0:2.5.5-1.el7ae.src",
"relates_to_product_reference": "7Server-Ansible-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-doc-0:2.5.5-1.el7ae.noarch as a component of Red Hat Ansible Engine 2 for RHEL 7",
"product_id": "7Server-Ansible-2:ansible-doc-0:2.5.5-1.el7ae.noarch"
},
"product_reference": "ansible-doc-0:2.5.5-1.el7ae.noarch",
"relates_to_product_reference": "7Server-Ansible-2"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Tobias Henkel"
],
"organization": "BMW Car IT GmbH"
}
],
"cve": "CVE-2018-10855",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"discovery_date": "2018-06-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1588855"
}
],
"notes": [
{
"category": "description",
"text": "Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Gluster Storage 3 and Red Hat Ceph Storage 3 ships the affected version of ansible, but they no longer maintain their own version of ansible. Both the products will consume fixes directly from ansible repository.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-2:ansible-0:2.5.5-1.el7ae.noarch",
"7Server-Ansible-2:ansible-0:2.5.5-1.el7ae.src",
"7Server-Ansible-2:ansible-doc-0:2.5.5-1.el7ae.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10855"
},
{
"category": "external",
"summary": "RHBZ#1588855",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588855"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10855",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10855"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10855",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10855"
},
{
"category": "external",
"summary": "https://github.com/ansible/ansible/pull/41414",
"url": "https://github.com/ansible/ansible/pull/41414"
}
],
"release_date": "2018-06-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-06-19T19:27:11+00:00",
"details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-Ansible-2:ansible-0:2.5.5-1.el7ae.noarch",
"7Server-Ansible-2:ansible-0:2.5.5-1.el7ae.src",
"7Server-Ansible-2:ansible-doc-0:2.5.5-1.el7ae.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:1948"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-Ansible-2:ansible-0:2.5.5-1.el7ae.noarch",
"7Server-Ansible-2:ansible-0:2.5.5-1.el7ae.src",
"7Server-Ansible-2:ansible-doc-0:2.5.5-1.el7ae.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs"
}
]
}
RHSA-2018_2585
Vulnerability from csaf_redhat - Published: 2018-08-29 16:05 - Updated: 2024-11-14 23:44Summary
Red Hat Security Advisory: ansible security update
Notes
Topic
An update for ansible is now available for Red Hat
OpenStack Platform 13.0 (Queens).
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.
The following packages have been upgraded to a newer upstream version: ansible (2.4.5)
Security Fix(es):
* ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs (CVE-2018-10855)
* ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution (CVE-2018-10874)
* ansible: ansible.cfg is being read from current working directory allowing possible code execution (CVE-2018-10875)
For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Red Hat would like to thank Tobias Henkel (BMW Car IT GmbH), Brian Coca (Red Hat), and Michael Scherer (OSAS) for reporting this issue.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for ansible is now available for Red Hat\nOpenStack Platform 13.0 (Queens).\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.\n\nThe following packages have been upgraded to a newer upstream version: ansible (2.4.5)\n\nSecurity Fix(es):\n\n* ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs (CVE-2018-10855)\n\n* ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution (CVE-2018-10874)\n\n* ansible: ansible.cfg is being read from current working directory allowing possible code execution (CVE-2018-10875)\n\nFor more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.\n\nRed Hat would like to thank Tobias Henkel (BMW Car IT GmbH), Brian Coca (Red Hat), and Michael Scherer (OSAS) for reporting this issue.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:2585",
"url": "https://access.redhat.com/errata/RHSA-2018:2585"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1588855",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588855"
},
{
"category": "external",
"summary": "1596528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596528"
},
{
"category": "external",
"summary": "1596533",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596533"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2585.json"
}
],
"title": "Red Hat Security Advisory: ansible security update",
"tracking": {
"current_release_date": "2024-11-14T23:44:48+00:00",
"generator": {
"date": "2024-11-14T23:44:48+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2018:2585",
"initial_release_date": "2018-08-29T16:05:26+00:00",
"revision_history": [
{
"date": "2018-08-29T16:05:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-08-29T16:05:26+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T23:44:48+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenStack Platform 13.0",
"product": {
"name": "Red Hat OpenStack Platform 13.0",
"product_id": "7Server-RH7-RHOS-13.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:13::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenStack Platform 13.0",
"product": {
"name": "Red Hat OpenStack Platform 13.0",
"product_id": "7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:13::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-0:2.4.6.0-1.el7ae.src",
"product": {
"name": "ansible-0:2.4.6.0-1.el7ae.src",
"product_id": "ansible-0:2.4.6.0-1.el7ae.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible@2.4.6.0-1.el7ae?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-0:2.4.6.0-1.el7ae.noarch",
"product": {
"name": "ansible-0:2.4.6.0-1.el7ae.noarch",
"product_id": "ansible-0:2.4.6.0-1.el7ae.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible@2.4.6.0-1.el7ae?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-0:2.4.6.0-1.el7ae.noarch as a component of Red Hat OpenStack Platform 13.0",
"product_id": "7Server-RH7-RHOS-13.0:ansible-0:2.4.6.0-1.el7ae.noarch"
},
"product_reference": "ansible-0:2.4.6.0-1.el7ae.noarch",
"relates_to_product_reference": "7Server-RH7-RHOS-13.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-0:2.4.6.0-1.el7ae.src as a component of Red Hat OpenStack Platform 13.0",
"product_id": "7Server-RH7-RHOS-13.0:ansible-0:2.4.6.0-1.el7ae.src"
},
"product_reference": "ansible-0:2.4.6.0-1.el7ae.src",
"relates_to_product_reference": "7Server-RH7-RHOS-13.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-0:2.4.6.0-1.el7ae.noarch as a component of Red Hat OpenStack Platform 13.0",
"product_id": "7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:ansible-0:2.4.6.0-1.el7ae.noarch"
},
"product_reference": "ansible-0:2.4.6.0-1.el7ae.noarch",
"relates_to_product_reference": "7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-0:2.4.6.0-1.el7ae.src as a component of Red Hat OpenStack Platform 13.0",
"product_id": "7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:ansible-0:2.4.6.0-1.el7ae.src"
},
"product_reference": "ansible-0:2.4.6.0-1.el7ae.src",
"relates_to_product_reference": "7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Tobias Henkel"
],
"organization": "BMW Car IT GmbH"
}
],
"cve": "CVE-2018-10855",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"discovery_date": "2018-06-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1588855"
}
],
"notes": [
{
"category": "description",
"text": "Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Gluster Storage 3 and Red Hat Ceph Storage 3 ships the affected version of ansible, but they no longer maintain their own version of ansible. Both the products will consume fixes directly from ansible repository.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOS-13.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-13.0:ansible-0:2.4.6.0-1.el7ae.src",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:ansible-0:2.4.6.0-1.el7ae.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10855"
},
{
"category": "external",
"summary": "RHBZ#1588855",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588855"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10855",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10855"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10855",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10855"
},
{
"category": "external",
"summary": "https://github.com/ansible/ansible/pull/41414",
"url": "https://github.com/ansible/ansible/pull/41414"
}
],
"release_date": "2018-06-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-08-29T16:05:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-RHOS-13.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-13.0:ansible-0:2.4.6.0-1.el7ae.src",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:ansible-0:2.4.6.0-1.el7ae.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2585"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOS-13.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-13.0:ansible-0:2.4.6.0-1.el7ae.src",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:ansible-0:2.4.6.0-1.el7ae.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs"
},
{
"acknowledgments": [
{
"names": [
"Michael Scherer"
],
"organization": "OSAS"
}
],
"cve": "CVE-2018-10874",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-06-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1596528"
}
],
"notes": [
{
"category": "description",
"text": "In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker\u0027s control, allowing to run arbitrary code as a result.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Gluster Storage 3 and Red Hat Ceph Storage 3 ships the affected version of ansible, but they no longer maintain their own version of ansible. Both the products will consume fixes directly from ansible repository.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOS-13.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-13.0:ansible-0:2.4.6.0-1.el7ae.src",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:ansible-0:2.4.6.0-1.el7ae.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10874"
},
{
"category": "external",
"summary": "RHBZ#1596528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10874",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10874"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10874",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10874"
}
],
"release_date": "2018-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-08-29T16:05:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-RHOS-13.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-13.0:ansible-0:2.4.6.0-1.el7ae.src",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:ansible-0:2.4.6.0-1.el7ae.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2585"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOS-13.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-13.0:ansible-0:2.4.6.0-1.el7ae.src",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:ansible-0:2.4.6.0-1.el7ae.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution"
},
{
"acknowledgments": [
{
"names": [
"Brian Coca"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2018-10875",
"cwe": {
"id": "CWE-426",
"name": "Untrusted Search Path"
},
"discovery_date": "2018-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1596533"
}
],
"notes": [
{
"category": "description",
"text": "It was found that ansible.cfg is being read from the current working directory, which can be made to point to plugin or module paths that are under control of the attacker. This could allow an attacker to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: ansible.cfg is being read from current working directory allowing possible code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Gluster Storage 3 and Red Hat Ceph Storage 3 ships the affected version of ansible, but they no longer maintain their own version of ansible. Both the products will consume fixes directly from ansible repository.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOS-13.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-13.0:ansible-0:2.4.6.0-1.el7ae.src",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:ansible-0:2.4.6.0-1.el7ae.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10875"
},
{
"category": "external",
"summary": "RHBZ#1596533",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596533"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10875",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10875"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10875",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10875"
}
],
"release_date": "2018-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-08-29T16:05:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-RHOS-13.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-13.0:ansible-0:2.4.6.0-1.el7ae.src",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:ansible-0:2.4.6.0-1.el7ae.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2585"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOS-13.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-13.0:ansible-0:2.4.6.0-1.el7ae.src",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:ansible-0:2.4.6.0-1.el7ae.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ansible: ansible.cfg is being read from current working directory allowing possible code execution"
}
]
}
RHSA-2018:2585
Vulnerability from csaf_redhat - Published: 2018-08-29 16:05 - Updated: 2025-11-21 18:05Summary
Red Hat Security Advisory: ansible security update
Notes
Topic
An update for ansible is now available for Red Hat
OpenStack Platform 13.0 (Queens).
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.
The following packages have been upgraded to a newer upstream version: ansible (2.4.5)
Security Fix(es):
* ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs (CVE-2018-10855)
* ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution (CVE-2018-10874)
* ansible: ansible.cfg is being read from current working directory allowing possible code execution (CVE-2018-10875)
For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Red Hat would like to thank Tobias Henkel (BMW Car IT GmbH), Brian Coca (Red Hat), and Michael Scherer (OSAS) for reporting this issue.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for ansible is now available for Red Hat\nOpenStack Platform 13.0 (Queens).\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.\n\nThe following packages have been upgraded to a newer upstream version: ansible (2.4.5)\n\nSecurity Fix(es):\n\n* ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs (CVE-2018-10855)\n\n* ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution (CVE-2018-10874)\n\n* ansible: ansible.cfg is being read from current working directory allowing possible code execution (CVE-2018-10875)\n\nFor more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.\n\nRed Hat would like to thank Tobias Henkel (BMW Car IT GmbH), Brian Coca (Red Hat), and Michael Scherer (OSAS) for reporting this issue.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:2585",
"url": "https://access.redhat.com/errata/RHSA-2018:2585"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1588855",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588855"
},
{
"category": "external",
"summary": "1596528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596528"
},
{
"category": "external",
"summary": "1596533",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596533"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2585.json"
}
],
"title": "Red Hat Security Advisory: ansible security update",
"tracking": {
"current_release_date": "2025-11-21T18:05:57+00:00",
"generator": {
"date": "2025-11-21T18:05:57+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2018:2585",
"initial_release_date": "2018-08-29T16:05:26+00:00",
"revision_history": [
{
"date": "2018-08-29T16:05:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-08-29T16:05:26+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:05:57+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenStack Platform 13.0",
"product": {
"name": "Red Hat OpenStack Platform 13.0",
"product_id": "7Server-RH7-RHOS-13.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:13::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenStack Platform 13.0",
"product": {
"name": "Red Hat OpenStack Platform 13.0",
"product_id": "7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:13::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-0:2.4.6.0-1.el7ae.src",
"product": {
"name": "ansible-0:2.4.6.0-1.el7ae.src",
"product_id": "ansible-0:2.4.6.0-1.el7ae.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible@2.4.6.0-1.el7ae?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-0:2.4.6.0-1.el7ae.noarch",
"product": {
"name": "ansible-0:2.4.6.0-1.el7ae.noarch",
"product_id": "ansible-0:2.4.6.0-1.el7ae.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible@2.4.6.0-1.el7ae?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-0:2.4.6.0-1.el7ae.noarch as a component of Red Hat OpenStack Platform 13.0",
"product_id": "7Server-RH7-RHOS-13.0:ansible-0:2.4.6.0-1.el7ae.noarch"
},
"product_reference": "ansible-0:2.4.6.0-1.el7ae.noarch",
"relates_to_product_reference": "7Server-RH7-RHOS-13.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-0:2.4.6.0-1.el7ae.src as a component of Red Hat OpenStack Platform 13.0",
"product_id": "7Server-RH7-RHOS-13.0:ansible-0:2.4.6.0-1.el7ae.src"
},
"product_reference": "ansible-0:2.4.6.0-1.el7ae.src",
"relates_to_product_reference": "7Server-RH7-RHOS-13.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-0:2.4.6.0-1.el7ae.noarch as a component of Red Hat OpenStack Platform 13.0",
"product_id": "7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:ansible-0:2.4.6.0-1.el7ae.noarch"
},
"product_reference": "ansible-0:2.4.6.0-1.el7ae.noarch",
"relates_to_product_reference": "7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-0:2.4.6.0-1.el7ae.src as a component of Red Hat OpenStack Platform 13.0",
"product_id": "7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:ansible-0:2.4.6.0-1.el7ae.src"
},
"product_reference": "ansible-0:2.4.6.0-1.el7ae.src",
"relates_to_product_reference": "7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Tobias Henkel"
],
"organization": "BMW Car IT GmbH"
}
],
"cve": "CVE-2018-10855",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"discovery_date": "2018-06-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1588855"
}
],
"notes": [
{
"category": "description",
"text": "Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Gluster Storage 3 and Red Hat Ceph Storage 3 ships the affected version of ansible, but they no longer maintain their own version of ansible. Both the products will consume fixes directly from ansible repository.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOS-13.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-13.0:ansible-0:2.4.6.0-1.el7ae.src",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:ansible-0:2.4.6.0-1.el7ae.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10855"
},
{
"category": "external",
"summary": "RHBZ#1588855",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588855"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10855",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10855"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10855",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10855"
},
{
"category": "external",
"summary": "https://github.com/ansible/ansible/pull/41414",
"url": "https://github.com/ansible/ansible/pull/41414"
}
],
"release_date": "2018-06-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-08-29T16:05:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-RHOS-13.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-13.0:ansible-0:2.4.6.0-1.el7ae.src",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:ansible-0:2.4.6.0-1.el7ae.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2585"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOS-13.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-13.0:ansible-0:2.4.6.0-1.el7ae.src",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:ansible-0:2.4.6.0-1.el7ae.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs"
},
{
"acknowledgments": [
{
"names": [
"Michael Scherer"
],
"organization": "OSAS"
}
],
"cve": "CVE-2018-10874",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-06-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1596528"
}
],
"notes": [
{
"category": "description",
"text": "In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker\u0027s control, allowing to run arbitrary code as a result.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Gluster Storage 3 and Red Hat Ceph Storage 3 ships the affected version of ansible, but they no longer maintain their own version of ansible. Both the products will consume fixes directly from ansible repository.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOS-13.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-13.0:ansible-0:2.4.6.0-1.el7ae.src",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:ansible-0:2.4.6.0-1.el7ae.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10874"
},
{
"category": "external",
"summary": "RHBZ#1596528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10874",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10874"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10874",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10874"
}
],
"release_date": "2018-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-08-29T16:05:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-RHOS-13.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-13.0:ansible-0:2.4.6.0-1.el7ae.src",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:ansible-0:2.4.6.0-1.el7ae.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2585"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOS-13.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-13.0:ansible-0:2.4.6.0-1.el7ae.src",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:ansible-0:2.4.6.0-1.el7ae.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution"
},
{
"acknowledgments": [
{
"names": [
"Brian Coca"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2018-10875",
"cwe": {
"id": "CWE-426",
"name": "Untrusted Search Path"
},
"discovery_date": "2018-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1596533"
}
],
"notes": [
{
"category": "description",
"text": "It was found that ansible.cfg is being read from the current working directory, which can be made to point to plugin or module paths that are under control of the attacker. This could allow an attacker to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: ansible.cfg is being read from current working directory allowing possible code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Gluster Storage 3 and Red Hat Ceph Storage 3 ships the affected version of ansible, but they no longer maintain their own version of ansible. Both the products will consume fixes directly from ansible repository.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOS-13.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-13.0:ansible-0:2.4.6.0-1.el7ae.src",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:ansible-0:2.4.6.0-1.el7ae.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10875"
},
{
"category": "external",
"summary": "RHBZ#1596533",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596533"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10875",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10875"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10875",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10875"
}
],
"release_date": "2018-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-08-29T16:05:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-RHOS-13.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-13.0:ansible-0:2.4.6.0-1.el7ae.src",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:ansible-0:2.4.6.0-1.el7ae.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2585"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOS-13.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-13.0:ansible-0:2.4.6.0-1.el7ae.src",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:ansible-0:2.4.6.0-1.el7ae.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ansible: ansible.cfg is being read from current working directory allowing possible code execution"
}
]
}
RHSA-2018_2184
Vulnerability from csaf_redhat - Published: 2018-07-12 13:14 - Updated: 2024-11-14 23:43Summary
Red Hat Security Advisory: CloudForms 4.6.3 bug fix and enhancement update
Notes
Topic
An update is now available for CloudForms Management Engine 5.9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components.
Security fix(es):
* ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs (CVE-2018-10855)
Red Hat would like to thank Tobias Henkel (BMW Car IT GmbH) for reporting these issues.
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in the
References section.
Additional Changes:
This update fixes various bugs and adds enhancements. Documentation for these changes is available from the Release Notes document.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for CloudForms Management Engine 5.9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components.\n\nSecurity fix(es):\n\n* ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs (CVE-2018-10855)\n\nRed Hat would like to thank Tobias Henkel (BMW Car IT GmbH) for reporting these issues.\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in the\nReferences section.\n\nAdditional Changes:\n\nThis update fixes various bugs and adds enhancements. Documentation for these changes is available from the Release Notes document.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:2184",
"url": "https://access.redhat.com/errata/RHSA-2018:2184"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1536677",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1536677"
},
{
"category": "external",
"summary": "1553227",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553227"
},
{
"category": "external",
"summary": "1553383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553383"
},
{
"category": "external",
"summary": "1553795",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553795"
},
{
"category": "external",
"summary": "1563745",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1563745"
},
{
"category": "external",
"summary": "1565845",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1565845"
},
{
"category": "external",
"summary": "1565925",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1565925"
},
{
"category": "external",
"summary": "1566570",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566570"
},
{
"category": "external",
"summary": "1569170",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1569170"
},
{
"category": "external",
"summary": "1571303",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571303"
},
{
"category": "external",
"summary": "1572760",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1572760"
},
{
"category": "external",
"summary": "1574154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1574154"
},
{
"category": "external",
"summary": "1574569",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1574569"
},
{
"category": "external",
"summary": "1575713",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575713"
},
{
"category": "external",
"summary": "1576099",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1576099"
},
{
"category": "external",
"summary": "1577247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1577247"
},
{
"category": "external",
"summary": "1578121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578121"
},
{
"category": "external",
"summary": "1578124",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578124"
},
{
"category": "external",
"summary": "1578125",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578125"
},
{
"category": "external",
"summary": "1578126",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578126"
},
{
"category": "external",
"summary": "1578388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578388"
},
{
"category": "external",
"summary": "1578393",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578393"
},
{
"category": "external",
"summary": "1578394",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578394"
},
{
"category": "external",
"summary": "1578398",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578398"
},
{
"category": "external",
"summary": "1578400",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578400"
},
{
"category": "external",
"summary": "1578856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578856"
},
{
"category": "external",
"summary": "1578865",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578865"
},
{
"category": "external",
"summary": "1578954",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578954"
},
{
"category": "external",
"summary": "1578957",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578957"
},
{
"category": "external",
"summary": "1578964",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578964"
},
{
"category": "external",
"summary": "1578972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578972"
},
{
"category": "external",
"summary": "1578976",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578976"
},
{
"category": "external",
"summary": "1578986",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578986"
},
{
"category": "external",
"summary": "1578990",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578990"
},
{
"category": "external",
"summary": "1578996",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578996"
},
{
"category": "external",
"summary": "1580520",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1580520"
},
{
"category": "external",
"summary": "1580535",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1580535"
},
{
"category": "external",
"summary": "1581287",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1581287"
},
{
"category": "external",
"summary": "1581307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1581307"
},
{
"category": "external",
"summary": "1581386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1581386"
},
{
"category": "external",
"summary": "1583704",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1583704"
},
{
"category": "external",
"summary": "1583710",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1583710"
},
{
"category": "external",
"summary": "1583777",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1583777"
},
{
"category": "external",
"summary": "1583779",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1583779"
},
{
"category": "external",
"summary": "1583784",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1583784"
},
{
"category": "external",
"summary": "1583786",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1583786"
},
{
"category": "external",
"summary": "1583788",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1583788"
},
{
"category": "external",
"summary": "1583851",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1583851"
},
{
"category": "external",
"summary": "1584186",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1584186"
},
{
"category": "external",
"summary": "1584296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1584296"
},
{
"category": "external",
"summary": "1584406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1584406"
},
{
"category": "external",
"summary": "1584687",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1584687"
},
{
"category": "external",
"summary": "1584699",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1584699"
},
{
"category": "external",
"summary": "1585709",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1585709"
},
{
"category": "external",
"summary": "1585745",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1585745"
},
{
"category": "external",
"summary": "1585821",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1585821"
},
{
"category": "external",
"summary": "1586213",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1586213"
},
{
"category": "external",
"summary": "1588038",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588038"
},
{
"category": "external",
"summary": "1588042",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588042"
},
{
"category": "external",
"summary": "1588855",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588855"
},
{
"category": "external",
"summary": "1589837",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1589837"
},
{
"category": "external",
"summary": "1590346",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1590346"
},
{
"category": "external",
"summary": "1590353",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1590353"
},
{
"category": "external",
"summary": "1590426",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1590426"
},
{
"category": "external",
"summary": "1590430",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1590430"
},
{
"category": "external",
"summary": "1590846",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1590846"
},
{
"category": "external",
"summary": "1591422",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591422"
},
{
"category": "external",
"summary": "1591423",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591423"
},
{
"category": "external",
"summary": "1591425",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591425"
},
{
"category": "external",
"summary": "1591427",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591427"
},
{
"category": "external",
"summary": "1591429",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591429"
},
{
"category": "external",
"summary": "1591450",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591450"
},
{
"category": "external",
"summary": "1591484",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591484"
},
{
"category": "external",
"summary": "1591939",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591939"
},
{
"category": "external",
"summary": "1592414",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1592414"
},
{
"category": "external",
"summary": "1592504",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1592504"
},
{
"category": "external",
"summary": "1592852",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1592852"
},
{
"category": "external",
"summary": "1592913",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1592913"
},
{
"category": "external",
"summary": "1592973",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1592973"
},
{
"category": "external",
"summary": "1593677",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593677"
},
{
"category": "external",
"summary": "1593684",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593684"
},
{
"category": "external",
"summary": "1593797",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593797"
},
{
"category": "external",
"summary": "1594027",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1594027"
},
{
"category": "external",
"summary": "1594268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1594268"
},
{
"category": "external",
"summary": "1594275",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1594275"
},
{
"category": "external",
"summary": "1594324",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1594324"
},
{
"category": "external",
"summary": "1594386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1594386"
},
{
"category": "external",
"summary": "1594831",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1594831"
},
{
"category": "external",
"summary": "1594833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1594833"
},
{
"category": "external",
"summary": "1594839",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1594839"
},
{
"category": "external",
"summary": "1595324",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595324"
},
{
"category": "external",
"summary": "1595418",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595418"
},
{
"category": "external",
"summary": "1595734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595734"
},
{
"category": "external",
"summary": "1596248",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596248"
},
{
"category": "external",
"summary": "1596249",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596249"
},
{
"category": "external",
"summary": "1596314",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596314"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2184.json"
}
],
"title": "Red Hat Security Advisory: CloudForms 4.6.3 bug fix and enhancement update",
"tracking": {
"current_release_date": "2024-11-14T23:43:55+00:00",
"generator": {
"date": "2024-11-14T23:43:55+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2018:2184",
"initial_release_date": "2018-07-12T13:14:44+00:00",
"revision_history": [
{
"date": "2018-07-12T13:14:44+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-07-12T13:14:44+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T23:43:55+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "CloudForms Management Engine 5.9",
"product": {
"name": "CloudForms Management Engine 5.9",
"product_id": "7Server-RH7-CFME-5.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat CloudForms"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-tower-venv-tower-0:3.2.5-1.el7at.x86_64",
"product": {
"name": "ansible-tower-venv-tower-0:3.2.5-1.el7at.x86_64",
"product_id": "ansible-tower-venv-tower-0:3.2.5-1.el7at.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-tower-venv-tower@3.2.5-1.el7at?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ansible-tower-venv-ansible-0:3.2.5-1.el7at.x86_64",
"product": {
"name": "ansible-tower-venv-ansible-0:3.2.5-1.el7at.x86_64",
"product_id": "ansible-tower-venv-ansible-0:3.2.5-1.el7at.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-tower-venv-ansible@3.2.5-1.el7at?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ansible-tower-server-0:3.2.5-1.el7at.x86_64",
"product": {
"name": "ansible-tower-server-0:3.2.5-1.el7at.x86_64",
"product_id": "ansible-tower-server-0:3.2.5-1.el7at.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-tower-server@3.2.5-1.el7at?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ansible-tower-ui-0:3.2.5-1.el7at.x86_64",
"product": {
"name": "ansible-tower-ui-0:3.2.5-1.el7at.x86_64",
"product_id": "ansible-tower-ui-0:3.2.5-1.el7at.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-tower-ui@3.2.5-1.el7at?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ansible-tower-0:3.2.5-1.el7at.x86_64",
"product": {
"name": "ansible-tower-0:3.2.5-1.el7at.x86_64",
"product_id": "ansible-tower-0:3.2.5-1.el7at.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-tower@3.2.5-1.el7at?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ansible-tower-setup-0:3.2.5-1.el7at.x86_64",
"product": {
"name": "ansible-tower-setup-0:3.2.5-1.el7at.x86_64",
"product_id": "ansible-tower-setup-0:3.2.5-1.el7at.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-tower-setup@3.2.5-1.el7at?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-configmap-generator-0:0.2.2-1.1.el7cf.x86_64",
"product": {
"name": "httpd-configmap-generator-0:0.2.2-1.1.el7cf.x86_64",
"product_id": "httpd-configmap-generator-0:0.2.2-1.1.el7cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-configmap-generator@0.2.2-1.1.el7cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cfme-0:5.9.3.4-1.el7cf.x86_64",
"product": {
"name": "cfme-0:5.9.3.4-1.el7cf.x86_64",
"product_id": "cfme-0:5.9.3.4-1.el7cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme@5.9.3.4-1.el7cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cfme-debuginfo-0:5.9.3.4-1.el7cf.x86_64",
"product": {
"name": "cfme-debuginfo-0:5.9.3.4-1.el7cf.x86_64",
"product_id": "cfme-debuginfo-0:5.9.3.4-1.el7cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme-debuginfo@5.9.3.4-1.el7cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cfme-appliance-0:5.9.3.4-1.el7cf.x86_64",
"product": {
"name": "cfme-appliance-0:5.9.3.4-1.el7cf.x86_64",
"product_id": "cfme-appliance-0:5.9.3.4-1.el7cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme-appliance@5.9.3.4-1.el7cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cfme-appliance-tools-0:5.9.3.4-1.el7cf.x86_64",
"product": {
"name": "cfme-appliance-tools-0:5.9.3.4-1.el7cf.x86_64",
"product_id": "cfme-appliance-tools-0:5.9.3.4-1.el7cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme-appliance-tools@5.9.3.4-1.el7cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cfme-appliance-common-0:5.9.3.4-1.el7cf.x86_64",
"product": {
"name": "cfme-appliance-common-0:5.9.3.4-1.el7cf.x86_64",
"product_id": "cfme-appliance-common-0:5.9.3.4-1.el7cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme-appliance-common@5.9.3.4-1.el7cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cfme-appliance-debuginfo-0:5.9.3.4-1.el7cf.x86_64",
"product": {
"name": "cfme-appliance-debuginfo-0:5.9.3.4-1.el7cf.x86_64",
"product_id": "cfme-appliance-debuginfo-0:5.9.3.4-1.el7cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme-appliance-debuginfo@5.9.3.4-1.el7cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cfme-gemset-0:5.9.3.4-1.el7cf.x86_64",
"product": {
"name": "cfme-gemset-0:5.9.3.4-1.el7cf.x86_64",
"product_id": "cfme-gemset-0:5.9.3.4-1.el7cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme-gemset@5.9.3.4-1.el7cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cfme-gemset-debuginfo-0:5.9.3.4-1.el7cf.x86_64",
"product": {
"name": "cfme-gemset-debuginfo-0:5.9.3.4-1.el7cf.x86_64",
"product_id": "cfme-gemset-debuginfo-0:5.9.3.4-1.el7cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme-gemset-debuginfo@5.9.3.4-1.el7cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cfme-amazon-smartstate-0:5.9.3.4-1.el7cf.x86_64",
"product": {
"name": "cfme-amazon-smartstate-0:5.9.3.4-1.el7cf.x86_64",
"product_id": "cfme-amazon-smartstate-0:5.9.3.4-1.el7cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme-amazon-smartstate@5.9.3.4-1.el7cf?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-tower-0:3.2.5-1.el7at.src",
"product": {
"name": "ansible-tower-0:3.2.5-1.el7at.src",
"product_id": "ansible-tower-0:3.2.5-1.el7at.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-tower@3.2.5-1.el7at?arch=src"
}
}
},
{
"category": "product_version",
"name": "httpd-configmap-generator-0:0.2.2-1.1.el7cf.src",
"product": {
"name": "httpd-configmap-generator-0:0.2.2-1.1.el7cf.src",
"product_id": "httpd-configmap-generator-0:0.2.2-1.1.el7cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-configmap-generator@0.2.2-1.1.el7cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "ansible-0:2.4.5.0-1.el7ae.src",
"product": {
"name": "ansible-0:2.4.5.0-1.el7ae.src",
"product_id": "ansible-0:2.4.5.0-1.el7ae.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible@2.4.5.0-1.el7ae?arch=src"
}
}
},
{
"category": "product_version",
"name": "cfme-0:5.9.3.4-1.el7cf.src",
"product": {
"name": "cfme-0:5.9.3.4-1.el7cf.src",
"product_id": "cfme-0:5.9.3.4-1.el7cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme@5.9.3.4-1.el7cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "cfme-appliance-0:5.9.3.4-1.el7cf.src",
"product": {
"name": "cfme-appliance-0:5.9.3.4-1.el7cf.src",
"product_id": "cfme-appliance-0:5.9.3.4-1.el7cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme-appliance@5.9.3.4-1.el7cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "cfme-gemset-0:5.9.3.4-1.el7cf.src",
"product": {
"name": "cfme-gemset-0:5.9.3.4-1.el7cf.src",
"product_id": "cfme-gemset-0:5.9.3.4-1.el7cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme-gemset@5.9.3.4-1.el7cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "cfme-amazon-smartstate-0:5.9.3.4-1.el7cf.src",
"product": {
"name": "cfme-amazon-smartstate-0:5.9.3.4-1.el7cf.src",
"product_id": "cfme-amazon-smartstate-0:5.9.3.4-1.el7cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme-amazon-smartstate@5.9.3.4-1.el7cf?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-doc-0:2.4.5.0-1.el7ae.noarch",
"product": {
"name": "ansible-doc-0:2.4.5.0-1.el7ae.noarch",
"product_id": "ansible-doc-0:2.4.5.0-1.el7ae.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-doc@2.4.5.0-1.el7ae?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ansible-0:2.4.5.0-1.el7ae.noarch",
"product": {
"name": "ansible-0:2.4.5.0-1.el7ae.noarch",
"product_id": "ansible-0:2.4.5.0-1.el7ae.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible@2.4.5.0-1.el7ae?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-0:2.4.5.0-1.el7ae.noarch as a component of CloudForms Management Engine 5.9",
"product_id": "7Server-RH7-CFME-5.9:ansible-0:2.4.5.0-1.el7ae.noarch"
},
"product_reference": "ansible-0:2.4.5.0-1.el7ae.noarch",
"relates_to_product_reference": "7Server-RH7-CFME-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-0:2.4.5.0-1.el7ae.src as a component of CloudForms Management Engine 5.9",
"product_id": "7Server-RH7-CFME-5.9:ansible-0:2.4.5.0-1.el7ae.src"
},
"product_reference": "ansible-0:2.4.5.0-1.el7ae.src",
"relates_to_product_reference": "7Server-RH7-CFME-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-doc-0:2.4.5.0-1.el7ae.noarch as a component of CloudForms Management Engine 5.9",
"product_id": "7Server-RH7-CFME-5.9:ansible-doc-0:2.4.5.0-1.el7ae.noarch"
},
"product_reference": "ansible-doc-0:2.4.5.0-1.el7ae.noarch",
"relates_to_product_reference": "7Server-RH7-CFME-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-tower-0:3.2.5-1.el7at.src as a component of CloudForms Management Engine 5.9",
"product_id": "7Server-RH7-CFME-5.9:ansible-tower-0:3.2.5-1.el7at.src"
},
"product_reference": "ansible-tower-0:3.2.5-1.el7at.src",
"relates_to_product_reference": "7Server-RH7-CFME-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-tower-0:3.2.5-1.el7at.x86_64 as a component of CloudForms Management Engine 5.9",
"product_id": "7Server-RH7-CFME-5.9:ansible-tower-0:3.2.5-1.el7at.x86_64"
},
"product_reference": "ansible-tower-0:3.2.5-1.el7at.x86_64",
"relates_to_product_reference": "7Server-RH7-CFME-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-tower-server-0:3.2.5-1.el7at.x86_64 as a component of CloudForms Management Engine 5.9",
"product_id": "7Server-RH7-CFME-5.9:ansible-tower-server-0:3.2.5-1.el7at.x86_64"
},
"product_reference": "ansible-tower-server-0:3.2.5-1.el7at.x86_64",
"relates_to_product_reference": "7Server-RH7-CFME-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-tower-setup-0:3.2.5-1.el7at.x86_64 as a component of CloudForms Management Engine 5.9",
"product_id": "7Server-RH7-CFME-5.9:ansible-tower-setup-0:3.2.5-1.el7at.x86_64"
},
"product_reference": "ansible-tower-setup-0:3.2.5-1.el7at.x86_64",
"relates_to_product_reference": "7Server-RH7-CFME-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-tower-ui-0:3.2.5-1.el7at.x86_64 as a component of CloudForms Management Engine 5.9",
"product_id": "7Server-RH7-CFME-5.9:ansible-tower-ui-0:3.2.5-1.el7at.x86_64"
},
"product_reference": "ansible-tower-ui-0:3.2.5-1.el7at.x86_64",
"relates_to_product_reference": "7Server-RH7-CFME-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-tower-venv-ansible-0:3.2.5-1.el7at.x86_64 as a component of CloudForms Management Engine 5.9",
"product_id": "7Server-RH7-CFME-5.9:ansible-tower-venv-ansible-0:3.2.5-1.el7at.x86_64"
},
"product_reference": "ansible-tower-venv-ansible-0:3.2.5-1.el7at.x86_64",
"relates_to_product_reference": "7Server-RH7-CFME-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-tower-venv-tower-0:3.2.5-1.el7at.x86_64 as a component of CloudForms Management Engine 5.9",
"product_id": "7Server-RH7-CFME-5.9:ansible-tower-venv-tower-0:3.2.5-1.el7at.x86_64"
},
"product_reference": "ansible-tower-venv-tower-0:3.2.5-1.el7at.x86_64",
"relates_to_product_reference": "7Server-RH7-CFME-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-0:5.9.3.4-1.el7cf.src as a component of CloudForms Management Engine 5.9",
"product_id": "7Server-RH7-CFME-5.9:cfme-0:5.9.3.4-1.el7cf.src"
},
"product_reference": "cfme-0:5.9.3.4-1.el7cf.src",
"relates_to_product_reference": "7Server-RH7-CFME-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-0:5.9.3.4-1.el7cf.x86_64 as a component of CloudForms Management Engine 5.9",
"product_id": "7Server-RH7-CFME-5.9:cfme-0:5.9.3.4-1.el7cf.x86_64"
},
"product_reference": "cfme-0:5.9.3.4-1.el7cf.x86_64",
"relates_to_product_reference": "7Server-RH7-CFME-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-amazon-smartstate-0:5.9.3.4-1.el7cf.src as a component of CloudForms Management Engine 5.9",
"product_id": "7Server-RH7-CFME-5.9:cfme-amazon-smartstate-0:5.9.3.4-1.el7cf.src"
},
"product_reference": "cfme-amazon-smartstate-0:5.9.3.4-1.el7cf.src",
"relates_to_product_reference": "7Server-RH7-CFME-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-amazon-smartstate-0:5.9.3.4-1.el7cf.x86_64 as a component of CloudForms Management Engine 5.9",
"product_id": "7Server-RH7-CFME-5.9:cfme-amazon-smartstate-0:5.9.3.4-1.el7cf.x86_64"
},
"product_reference": "cfme-amazon-smartstate-0:5.9.3.4-1.el7cf.x86_64",
"relates_to_product_reference": "7Server-RH7-CFME-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-appliance-0:5.9.3.4-1.el7cf.src as a component of CloudForms Management Engine 5.9",
"product_id": "7Server-RH7-CFME-5.9:cfme-appliance-0:5.9.3.4-1.el7cf.src"
},
"product_reference": "cfme-appliance-0:5.9.3.4-1.el7cf.src",
"relates_to_product_reference": "7Server-RH7-CFME-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-appliance-0:5.9.3.4-1.el7cf.x86_64 as a component of CloudForms Management Engine 5.9",
"product_id": "7Server-RH7-CFME-5.9:cfme-appliance-0:5.9.3.4-1.el7cf.x86_64"
},
"product_reference": "cfme-appliance-0:5.9.3.4-1.el7cf.x86_64",
"relates_to_product_reference": "7Server-RH7-CFME-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-appliance-common-0:5.9.3.4-1.el7cf.x86_64 as a component of CloudForms Management Engine 5.9",
"product_id": "7Server-RH7-CFME-5.9:cfme-appliance-common-0:5.9.3.4-1.el7cf.x86_64"
},
"product_reference": "cfme-appliance-common-0:5.9.3.4-1.el7cf.x86_64",
"relates_to_product_reference": "7Server-RH7-CFME-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-appliance-debuginfo-0:5.9.3.4-1.el7cf.x86_64 as a component of CloudForms Management Engine 5.9",
"product_id": "7Server-RH7-CFME-5.9:cfme-appliance-debuginfo-0:5.9.3.4-1.el7cf.x86_64"
},
"product_reference": "cfme-appliance-debuginfo-0:5.9.3.4-1.el7cf.x86_64",
"relates_to_product_reference": "7Server-RH7-CFME-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-appliance-tools-0:5.9.3.4-1.el7cf.x86_64 as a component of CloudForms Management Engine 5.9",
"product_id": "7Server-RH7-CFME-5.9:cfme-appliance-tools-0:5.9.3.4-1.el7cf.x86_64"
},
"product_reference": "cfme-appliance-tools-0:5.9.3.4-1.el7cf.x86_64",
"relates_to_product_reference": "7Server-RH7-CFME-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-debuginfo-0:5.9.3.4-1.el7cf.x86_64 as a component of CloudForms Management Engine 5.9",
"product_id": "7Server-RH7-CFME-5.9:cfme-debuginfo-0:5.9.3.4-1.el7cf.x86_64"
},
"product_reference": "cfme-debuginfo-0:5.9.3.4-1.el7cf.x86_64",
"relates_to_product_reference": "7Server-RH7-CFME-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-gemset-0:5.9.3.4-1.el7cf.src as a component of CloudForms Management Engine 5.9",
"product_id": "7Server-RH7-CFME-5.9:cfme-gemset-0:5.9.3.4-1.el7cf.src"
},
"product_reference": "cfme-gemset-0:5.9.3.4-1.el7cf.src",
"relates_to_product_reference": "7Server-RH7-CFME-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-gemset-0:5.9.3.4-1.el7cf.x86_64 as a component of CloudForms Management Engine 5.9",
"product_id": "7Server-RH7-CFME-5.9:cfme-gemset-0:5.9.3.4-1.el7cf.x86_64"
},
"product_reference": "cfme-gemset-0:5.9.3.4-1.el7cf.x86_64",
"relates_to_product_reference": "7Server-RH7-CFME-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-gemset-debuginfo-0:5.9.3.4-1.el7cf.x86_64 as a component of CloudForms Management Engine 5.9",
"product_id": "7Server-RH7-CFME-5.9:cfme-gemset-debuginfo-0:5.9.3.4-1.el7cf.x86_64"
},
"product_reference": "cfme-gemset-debuginfo-0:5.9.3.4-1.el7cf.x86_64",
"relates_to_product_reference": "7Server-RH7-CFME-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-configmap-generator-0:0.2.2-1.1.el7cf.src as a component of CloudForms Management Engine 5.9",
"product_id": "7Server-RH7-CFME-5.9:httpd-configmap-generator-0:0.2.2-1.1.el7cf.src"
},
"product_reference": "httpd-configmap-generator-0:0.2.2-1.1.el7cf.src",
"relates_to_product_reference": "7Server-RH7-CFME-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-configmap-generator-0:0.2.2-1.1.el7cf.x86_64 as a component of CloudForms Management Engine 5.9",
"product_id": "7Server-RH7-CFME-5.9:httpd-configmap-generator-0:0.2.2-1.1.el7cf.x86_64"
},
"product_reference": "httpd-configmap-generator-0:0.2.2-1.1.el7cf.x86_64",
"relates_to_product_reference": "7Server-RH7-CFME-5.9"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Tobias Henkel"
],
"organization": "BMW Car IT GmbH"
}
],
"cve": "CVE-2018-10855",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"discovery_date": "2018-06-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1588855"
}
],
"notes": [
{
"category": "description",
"text": "Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Gluster Storage 3 and Red Hat Ceph Storage 3 ships the affected version of ansible, but they no longer maintain their own version of ansible. Both the products will consume fixes directly from ansible repository.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-CFME-5.9:ansible-0:2.4.5.0-1.el7ae.noarch",
"7Server-RH7-CFME-5.9:ansible-0:2.4.5.0-1.el7ae.src",
"7Server-RH7-CFME-5.9:ansible-doc-0:2.4.5.0-1.el7ae.noarch",
"7Server-RH7-CFME-5.9:ansible-tower-0:3.2.5-1.el7at.src",
"7Server-RH7-CFME-5.9:ansible-tower-0:3.2.5-1.el7at.x86_64",
"7Server-RH7-CFME-5.9:ansible-tower-server-0:3.2.5-1.el7at.x86_64",
"7Server-RH7-CFME-5.9:ansible-tower-setup-0:3.2.5-1.el7at.x86_64",
"7Server-RH7-CFME-5.9:ansible-tower-ui-0:3.2.5-1.el7at.x86_64",
"7Server-RH7-CFME-5.9:ansible-tower-venv-ansible-0:3.2.5-1.el7at.x86_64",
"7Server-RH7-CFME-5.9:ansible-tower-venv-tower-0:3.2.5-1.el7at.x86_64",
"7Server-RH7-CFME-5.9:cfme-0:5.9.3.4-1.el7cf.src",
"7Server-RH7-CFME-5.9:cfme-0:5.9.3.4-1.el7cf.x86_64",
"7Server-RH7-CFME-5.9:cfme-amazon-smartstate-0:5.9.3.4-1.el7cf.src",
"7Server-RH7-CFME-5.9:cfme-amazon-smartstate-0:5.9.3.4-1.el7cf.x86_64",
"7Server-RH7-CFME-5.9:cfme-appliance-0:5.9.3.4-1.el7cf.src",
"7Server-RH7-CFME-5.9:cfme-appliance-0:5.9.3.4-1.el7cf.x86_64",
"7Server-RH7-CFME-5.9:cfme-appliance-common-0:5.9.3.4-1.el7cf.x86_64",
"7Server-RH7-CFME-5.9:cfme-appliance-debuginfo-0:5.9.3.4-1.el7cf.x86_64",
"7Server-RH7-CFME-5.9:cfme-appliance-tools-0:5.9.3.4-1.el7cf.x86_64",
"7Server-RH7-CFME-5.9:cfme-debuginfo-0:5.9.3.4-1.el7cf.x86_64",
"7Server-RH7-CFME-5.9:cfme-gemset-0:5.9.3.4-1.el7cf.src",
"7Server-RH7-CFME-5.9:cfme-gemset-0:5.9.3.4-1.el7cf.x86_64",
"7Server-RH7-CFME-5.9:cfme-gemset-debuginfo-0:5.9.3.4-1.el7cf.x86_64",
"7Server-RH7-CFME-5.9:httpd-configmap-generator-0:0.2.2-1.1.el7cf.src",
"7Server-RH7-CFME-5.9:httpd-configmap-generator-0:0.2.2-1.1.el7cf.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10855"
},
{
"category": "external",
"summary": "RHBZ#1588855",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588855"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10855",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10855"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10855",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10855"
},
{
"category": "external",
"summary": "https://github.com/ansible/ansible/pull/41414",
"url": "https://github.com/ansible/ansible/pull/41414"
}
],
"release_date": "2018-06-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-07-12T13:14:44+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-CFME-5.9:ansible-0:2.4.5.0-1.el7ae.noarch",
"7Server-RH7-CFME-5.9:ansible-0:2.4.5.0-1.el7ae.src",
"7Server-RH7-CFME-5.9:ansible-doc-0:2.4.5.0-1.el7ae.noarch",
"7Server-RH7-CFME-5.9:ansible-tower-0:3.2.5-1.el7at.src",
"7Server-RH7-CFME-5.9:ansible-tower-0:3.2.5-1.el7at.x86_64",
"7Server-RH7-CFME-5.9:ansible-tower-server-0:3.2.5-1.el7at.x86_64",
"7Server-RH7-CFME-5.9:ansible-tower-setup-0:3.2.5-1.el7at.x86_64",
"7Server-RH7-CFME-5.9:ansible-tower-ui-0:3.2.5-1.el7at.x86_64",
"7Server-RH7-CFME-5.9:ansible-tower-venv-ansible-0:3.2.5-1.el7at.x86_64",
"7Server-RH7-CFME-5.9:ansible-tower-venv-tower-0:3.2.5-1.el7at.x86_64",
"7Server-RH7-CFME-5.9:cfme-0:5.9.3.4-1.el7cf.src",
"7Server-RH7-CFME-5.9:cfme-0:5.9.3.4-1.el7cf.x86_64",
"7Server-RH7-CFME-5.9:cfme-amazon-smartstate-0:5.9.3.4-1.el7cf.src",
"7Server-RH7-CFME-5.9:cfme-amazon-smartstate-0:5.9.3.4-1.el7cf.x86_64",
"7Server-RH7-CFME-5.9:cfme-appliance-0:5.9.3.4-1.el7cf.src",
"7Server-RH7-CFME-5.9:cfme-appliance-0:5.9.3.4-1.el7cf.x86_64",
"7Server-RH7-CFME-5.9:cfme-appliance-common-0:5.9.3.4-1.el7cf.x86_64",
"7Server-RH7-CFME-5.9:cfme-appliance-debuginfo-0:5.9.3.4-1.el7cf.x86_64",
"7Server-RH7-CFME-5.9:cfme-appliance-tools-0:5.9.3.4-1.el7cf.x86_64",
"7Server-RH7-CFME-5.9:cfme-debuginfo-0:5.9.3.4-1.el7cf.x86_64",
"7Server-RH7-CFME-5.9:cfme-gemset-0:5.9.3.4-1.el7cf.src",
"7Server-RH7-CFME-5.9:cfme-gemset-0:5.9.3.4-1.el7cf.x86_64",
"7Server-RH7-CFME-5.9:cfme-gemset-debuginfo-0:5.9.3.4-1.el7cf.x86_64",
"7Server-RH7-CFME-5.9:httpd-configmap-generator-0:0.2.2-1.1.el7cf.src",
"7Server-RH7-CFME-5.9:httpd-configmap-generator-0:0.2.2-1.1.el7cf.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2184"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-RH7-CFME-5.9:ansible-0:2.4.5.0-1.el7ae.noarch",
"7Server-RH7-CFME-5.9:ansible-0:2.4.5.0-1.el7ae.src",
"7Server-RH7-CFME-5.9:ansible-doc-0:2.4.5.0-1.el7ae.noarch",
"7Server-RH7-CFME-5.9:ansible-tower-0:3.2.5-1.el7at.src",
"7Server-RH7-CFME-5.9:ansible-tower-0:3.2.5-1.el7at.x86_64",
"7Server-RH7-CFME-5.9:ansible-tower-server-0:3.2.5-1.el7at.x86_64",
"7Server-RH7-CFME-5.9:ansible-tower-setup-0:3.2.5-1.el7at.x86_64",
"7Server-RH7-CFME-5.9:ansible-tower-ui-0:3.2.5-1.el7at.x86_64",
"7Server-RH7-CFME-5.9:ansible-tower-venv-ansible-0:3.2.5-1.el7at.x86_64",
"7Server-RH7-CFME-5.9:ansible-tower-venv-tower-0:3.2.5-1.el7at.x86_64",
"7Server-RH7-CFME-5.9:cfme-0:5.9.3.4-1.el7cf.src",
"7Server-RH7-CFME-5.9:cfme-0:5.9.3.4-1.el7cf.x86_64",
"7Server-RH7-CFME-5.9:cfme-amazon-smartstate-0:5.9.3.4-1.el7cf.src",
"7Server-RH7-CFME-5.9:cfme-amazon-smartstate-0:5.9.3.4-1.el7cf.x86_64",
"7Server-RH7-CFME-5.9:cfme-appliance-0:5.9.3.4-1.el7cf.src",
"7Server-RH7-CFME-5.9:cfme-appliance-0:5.9.3.4-1.el7cf.x86_64",
"7Server-RH7-CFME-5.9:cfme-appliance-common-0:5.9.3.4-1.el7cf.x86_64",
"7Server-RH7-CFME-5.9:cfme-appliance-debuginfo-0:5.9.3.4-1.el7cf.x86_64",
"7Server-RH7-CFME-5.9:cfme-appliance-tools-0:5.9.3.4-1.el7cf.x86_64",
"7Server-RH7-CFME-5.9:cfme-debuginfo-0:5.9.3.4-1.el7cf.x86_64",
"7Server-RH7-CFME-5.9:cfme-gemset-0:5.9.3.4-1.el7cf.src",
"7Server-RH7-CFME-5.9:cfme-gemset-0:5.9.3.4-1.el7cf.x86_64",
"7Server-RH7-CFME-5.9:cfme-gemset-debuginfo-0:5.9.3.4-1.el7cf.x86_64",
"7Server-RH7-CFME-5.9:httpd-configmap-generator-0:0.2.2-1.1.el7cf.src",
"7Server-RH7-CFME-5.9:httpd-configmap-generator-0:0.2.2-1.1.el7cf.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs"
}
]
}
RHSA-2018_1949
Vulnerability from csaf_redhat - Published: 2018-06-19 19:27 - Updated: 2024-11-14 23:43Summary
Red Hat Security Advisory: ansible security and bug fix update
Notes
Topic
An update for ansible is now available for Red Hat Ansible Engine 2.5 for RHEL 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.
The following packages have been upgraded to a newer upstream version: ansible (2.5.5)
Security fix(es):
* ansible: Ansible through version 2.5 does not properly honour the no_log option with failed task iterations. When a list of secret items is supplied to a task and a task iteration fails, secrets can be disclosed in logs despite the no_log option being enabled. (CVE-2018-10855)
Red Hat would like to thank Tobias Henkel (BMW Car IT GmbH) for
reporting these issues.
Bug Fix(es):
* Changed the admin_users config option to not include "admin" by default
as admin is frequently used for a non-privileged account
(https://github.com/ansible/ansible/pull/41164)
* aws_s3 - add async support to the action plugin
(https://github.com/ansible/ansible/pull/40826)
* aws_s3 - fix decrypting vault files
(https://github.com/ansible/ansible/pull/39634)
* ec2_ami - cast the device_mapping volume size to an int
(https://github.com/ansible/ansible/pull/40938)
* eos_logging - fix idempotency issues
(https://github.com/ansible/ansible/pull/40604)
* cache plugins - a cache timeout of 0 means the cache will not expire.
* ios_logging - fix idempotency issues
(https://github.com/ansible/ansible/pull/41029)
* ios/nxos/eos_config - don't retrieve config in running_config when config
is provided for diff (https://github.com/ansible/ansible/pull/41400)
* nxos_banner - fix multiline banner issue
(https://github.com/ansible/ansible/pull/41026).
* nxos terminal plugin - fix output truncation
(https://github.com/ansible/ansible/pull/40960)
* nxos_l3_interface - fix no switchport issue with loopback and svi
interfaces (https://github.com/ansible/ansible/pull/37392).
* nxos_snapshot - fix compare_option
(https://github.com/ansible/ansible/pull/41386)
See
https://github.com/ansible/ansible/blob/v2.5.5/changelogs/CHANGELOG-v2.5.rst
for details on this release.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for ansible is now available for Red Hat Ansible Engine 2.5 for RHEL 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.\n\nThe following packages have been upgraded to a newer upstream version: ansible (2.5.5)\n\nSecurity fix(es):\n\n* ansible: Ansible through version 2.5 does not properly honour the no_log option with failed task iterations. When a list of secret items is supplied to a task and a task iteration fails, secrets can be disclosed in logs despite the no_log option being enabled. (CVE-2018-10855)\n\nRed Hat would like to thank Tobias Henkel (BMW Car IT GmbH) for\nreporting these issues.\n\nBug Fix(es):\n\n* Changed the admin_users config option to not include \"admin\" by default\nas admin is frequently used for a non-privileged account\n(https://github.com/ansible/ansible/pull/41164)\n\n* aws_s3 - add async support to the action plugin\n(https://github.com/ansible/ansible/pull/40826)\n\n* aws_s3 - fix decrypting vault files\n(https://github.com/ansible/ansible/pull/39634)\n\n* ec2_ami - cast the device_mapping volume size to an int\n(https://github.com/ansible/ansible/pull/40938)\n\n* eos_logging - fix idempotency issues\n(https://github.com/ansible/ansible/pull/40604)\n\n* cache plugins - a cache timeout of 0 means the cache will not expire.\n\n* ios_logging - fix idempotency issues\n(https://github.com/ansible/ansible/pull/41029)\n\n* ios/nxos/eos_config - don\u0027t retrieve config in running_config when config\nis provided for diff (https://github.com/ansible/ansible/pull/41400)\n\n* nxos_banner - fix multiline banner issue\n(https://github.com/ansible/ansible/pull/41026).\n\n* nxos terminal plugin - fix output truncation\n(https://github.com/ansible/ansible/pull/40960)\n\n* nxos_l3_interface - fix no switchport issue with loopback and svi\ninterfaces (https://github.com/ansible/ansible/pull/37392).\n\n* nxos_snapshot - fix compare_option\n(https://github.com/ansible/ansible/pull/41386)\n\nSee\nhttps://github.com/ansible/ansible/blob/v2.5.5/changelogs/CHANGELOG-v2.5.rst\nfor details on this release.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:1949",
"url": "https://access.redhat.com/errata/RHSA-2018:1949"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1588855",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588855"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_1949.json"
}
],
"title": "Red Hat Security Advisory: ansible security and bug fix update",
"tracking": {
"current_release_date": "2024-11-14T23:43:44+00:00",
"generator": {
"date": "2024-11-14T23:43:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2018:1949",
"initial_release_date": "2018-06-19T19:27:30+00:00",
"revision_history": [
{
"date": "2018-06-19T19:27:30+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-06-19T19:27:30+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T23:43:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ansible Engine 2.5 for RHEL 7 Server",
"product": {
"name": "Red Hat Ansible Engine 2.5 for RHEL 7 Server",
"product_id": "7Server-Ansible-2.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_engine:2.5::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ansible Engine"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-doc-0:2.5.5-1.el7ae.noarch",
"product": {
"name": "ansible-doc-0:2.5.5-1.el7ae.noarch",
"product_id": "ansible-doc-0:2.5.5-1.el7ae.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-doc@2.5.5-1.el7ae?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ansible-0:2.5.5-1.el7ae.noarch",
"product": {
"name": "ansible-0:2.5.5-1.el7ae.noarch",
"product_id": "ansible-0:2.5.5-1.el7ae.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible@2.5.5-1.el7ae?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-0:2.5.5-1.el7ae.src",
"product": {
"name": "ansible-0:2.5.5-1.el7ae.src",
"product_id": "ansible-0:2.5.5-1.el7ae.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible@2.5.5-1.el7ae?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-0:2.5.5-1.el7ae.noarch as a component of Red Hat Ansible Engine 2.5 for RHEL 7 Server",
"product_id": "7Server-Ansible-2.5:ansible-0:2.5.5-1.el7ae.noarch"
},
"product_reference": "ansible-0:2.5.5-1.el7ae.noarch",
"relates_to_product_reference": "7Server-Ansible-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-0:2.5.5-1.el7ae.src as a component of Red Hat Ansible Engine 2.5 for RHEL 7 Server",
"product_id": "7Server-Ansible-2.5:ansible-0:2.5.5-1.el7ae.src"
},
"product_reference": "ansible-0:2.5.5-1.el7ae.src",
"relates_to_product_reference": "7Server-Ansible-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-doc-0:2.5.5-1.el7ae.noarch as a component of Red Hat Ansible Engine 2.5 for RHEL 7 Server",
"product_id": "7Server-Ansible-2.5:ansible-doc-0:2.5.5-1.el7ae.noarch"
},
"product_reference": "ansible-doc-0:2.5.5-1.el7ae.noarch",
"relates_to_product_reference": "7Server-Ansible-2.5"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Tobias Henkel"
],
"organization": "BMW Car IT GmbH"
}
],
"cve": "CVE-2018-10855",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"discovery_date": "2018-06-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1588855"
}
],
"notes": [
{
"category": "description",
"text": "Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Gluster Storage 3 and Red Hat Ceph Storage 3 ships the affected version of ansible, but they no longer maintain their own version of ansible. Both the products will consume fixes directly from ansible repository.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-2.5:ansible-0:2.5.5-1.el7ae.noarch",
"7Server-Ansible-2.5:ansible-0:2.5.5-1.el7ae.src",
"7Server-Ansible-2.5:ansible-doc-0:2.5.5-1.el7ae.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10855"
},
{
"category": "external",
"summary": "RHBZ#1588855",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588855"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10855",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10855"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10855",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10855"
},
{
"category": "external",
"summary": "https://github.com/ansible/ansible/pull/41414",
"url": "https://github.com/ansible/ansible/pull/41414"
}
],
"release_date": "2018-06-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-06-19T19:27:30+00:00",
"details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-Ansible-2.5:ansible-0:2.5.5-1.el7ae.noarch",
"7Server-Ansible-2.5:ansible-0:2.5.5-1.el7ae.src",
"7Server-Ansible-2.5:ansible-doc-0:2.5.5-1.el7ae.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:1949"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-Ansible-2.5:ansible-0:2.5.5-1.el7ae.noarch",
"7Server-Ansible-2.5:ansible-0:2.5.5-1.el7ae.src",
"7Server-Ansible-2.5:ansible-doc-0:2.5.5-1.el7ae.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs"
}
]
}
RHSA-2018_2079
Vulnerability from csaf_redhat - Published: 2018-06-28 05:21 - Updated: 2024-11-14 23:43Summary
Red Hat Security Advisory: Red Hat Virtualization security, bug fix, and enhancement update
Notes
Topic
Updated redhat-virtualization-host packages that fix several bugs and add various enhancements are now available.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
The following packages have been upgraded to a later upstream version: imgbased (1.0.20), redhat-release-virtualization-host (4.2), redhat-virtualization-host (4.2). (BZ#1590664)
Security Fix(es):
* ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs (CVE-2018-10855)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank Tobias Henkel (BMW Car IT GmbH) for reporting this issue.
Bug Fix(es):
* Previously, if systems were configured to skip Logical Volume Manager (LVM) clusters, imgbased sees output that is unrelated to the Logical Volumes that are being queried.
As a result, imgbased failed to parse the output, causing Red Hat Virtualization Host updates to fail.
In this release imgbased now ignores output from skipped clusters enabling imgbased LVM commands to return successfully. (BZ#1568414)
Enhancement(s):
* Starting from version 4.0, Red Hat Virtualization Hosts could not be deployed from Satellite, and therefore could not take advantage of Satellite's tooling features.
In this release, Red Hat Virtualization Hosts can now be deployed from Satellite 6.3.2 and later. (BZ#1484532)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated redhat-virtualization-host packages that fix several bugs and add various enhancements are now available.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host\u0027s resources and performing administrative tasks.\n\nThe ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host\u0027s resources and performing administrative tasks.\n\nThe following packages have been upgraded to a later upstream version: imgbased (1.0.20), redhat-release-virtualization-host (4.2), redhat-virtualization-host (4.2). (BZ#1590664)\n\nSecurity Fix(es):\n\n* ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs (CVE-2018-10855)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Tobias Henkel (BMW Car IT GmbH) for reporting this issue.\n\nBug Fix(es):\n\n* Previously, if systems were configured to skip Logical Volume Manager (LVM) clusters, imgbased sees output that is unrelated to the Logical Volumes that are being queried.\n\nAs a result, imgbased failed to parse the output, causing Red Hat Virtualization Host updates to fail.\n\nIn this release imgbased now ignores output from skipped clusters enabling imgbased LVM commands to return successfully. (BZ#1568414)\n\nEnhancement(s):\n\n* Starting from version 4.0, Red Hat Virtualization Hosts could not be deployed from Satellite, and therefore could not take advantage of Satellite\u0027s tooling features.\n\nIn this release, Red Hat Virtualization Hosts can now be deployed from Satellite 6.3.2 and later. (BZ#1484532)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:2079",
"url": "https://access.redhat.com/errata/RHSA-2018:2079"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1484532",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484532"
},
{
"category": "external",
"summary": "1534197",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1534197"
},
{
"category": "external",
"summary": "1568414",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1568414"
},
{
"category": "external",
"summary": "1588855",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588855"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2079.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Virtualization security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2024-11-14T23:43:26+00:00",
"generator": {
"date": "2024-11-14T23:43:26+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2018:2079",
"initial_release_date": "2018-06-28T05:21:07+00:00",
"revision_history": [
{
"date": "2018-06-28T05:21:07+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-06-28T05:21:07+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T23:43:26+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product": {
"name": "RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor"
}
}
},
{
"category": "product_name",
"name": "Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product": {
"name": "Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product_id": "7Server-RHEV-4-Hypervisor-7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor"
}
}
}
],
"category": "product_family",
"name": "Red Hat Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "redhat-virtualization-host-image-update-placeholder-0:4.2-4.3.el7.noarch",
"product": {
"name": "redhat-virtualization-host-image-update-placeholder-0:4.2-4.3.el7.noarch",
"product_id": "redhat-virtualization-host-image-update-placeholder-0:4.2-4.3.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-virtualization-host-image-update-placeholder@4.2-4.3.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python-imgbased-0:1.0.20-0.1.el7ev.noarch",
"product": {
"name": "python-imgbased-0:1.0.20-0.1.el7ev.noarch",
"product_id": "python-imgbased-0:1.0.20-0.1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-imgbased@1.0.20-0.1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "imgbased-0:1.0.20-0.1.el7ev.noarch",
"product": {
"name": "imgbased-0:1.0.20-0.1.el7ev.noarch",
"product_id": "imgbased-0:1.0.20-0.1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/imgbased@1.0.20-0.1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "redhat-virtualization-host-image-update-0:4.2-20180622.0.el7_5.noarch",
"product": {
"name": "redhat-virtualization-host-image-update-0:4.2-20180622.0.el7_5.noarch",
"product_id": "redhat-virtualization-host-image-update-0:4.2-20180622.0.el7_5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-virtualization-host-image-update@4.2-20180622.0.el7_5?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "redhat-release-virtualization-host-0:4.2-4.3.el7.x86_64",
"product": {
"name": "redhat-release-virtualization-host-0:4.2-4.3.el7.x86_64",
"product_id": "redhat-release-virtualization-host-0:4.2-4.3.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-release-virtualization-host@4.2-4.3.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "redhat-release-virtualization-host-0:4.2-4.3.el7.src",
"product": {
"name": "redhat-release-virtualization-host-0:4.2-4.3.el7.src",
"product_id": "redhat-release-virtualization-host-0:4.2-4.3.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-release-virtualization-host@4.2-4.3.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "imgbased-0:1.0.20-0.1.el7ev.src",
"product": {
"name": "imgbased-0:1.0.20-0.1.el7ev.src",
"product_id": "imgbased-0:1.0.20-0.1.el7ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/imgbased@1.0.20-0.1.el7ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "redhat-virtualization-host-0:4.2-20180622.0.el7_5.src",
"product": {
"name": "redhat-virtualization-host-0:4.2-20180622.0.el7_5.src",
"product_id": "redhat-virtualization-host-0:4.2-20180622.0.el7_5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-virtualization-host@4.2-20180622.0.el7_5?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-virtualization-host-0:4.2-20180622.0.el7_5.src as a component of Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product_id": "7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.2-20180622.0.el7_5.src"
},
"product_reference": "redhat-virtualization-host-0:4.2-20180622.0.el7_5.src",
"relates_to_product_reference": "7Server-RHEV-4-Hypervisor-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-virtualization-host-image-update-0:4.2-20180622.0.el7_5.noarch as a component of Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product_id": "7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.2-20180622.0.el7_5.noarch"
},
"product_reference": "redhat-virtualization-host-image-update-0:4.2-20180622.0.el7_5.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Hypervisor-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "imgbased-0:1.0.20-0.1.el7ev.noarch as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.0.20-0.1.el7ev.noarch"
},
"product_reference": "imgbased-0:1.0.20-0.1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "imgbased-0:1.0.20-0.1.el7ev.src as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.0.20-0.1.el7ev.src"
},
"product_reference": "imgbased-0:1.0.20-0.1.el7ev.src",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-imgbased-0:1.0.20-0.1.el7ev.noarch as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.0.20-0.1.el7ev.noarch"
},
"product_reference": "python-imgbased-0:1.0.20-0.1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-release-virtualization-host-0:4.2-4.3.el7.src as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-4.3.el7.src"
},
"product_reference": "redhat-release-virtualization-host-0:4.2-4.3.el7.src",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-release-virtualization-host-0:4.2-4.3.el7.x86_64 as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-4.3.el7.x86_64"
},
"product_reference": "redhat-release-virtualization-host-0:4.2-4.3.el7.x86_64",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-virtualization-host-image-update-placeholder-0:4.2-4.3.el7.noarch as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.2-4.3.el7.noarch"
},
"product_reference": "redhat-virtualization-host-image-update-placeholder-0:4.2-4.3.el7.noarch",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Tobias Henkel"
],
"organization": "BMW Car IT GmbH"
}
],
"cve": "CVE-2018-10855",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"discovery_date": "2018-06-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1588855"
}
],
"notes": [
{
"category": "description",
"text": "Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Gluster Storage 3 and Red Hat Ceph Storage 3 ships the affected version of ansible, but they no longer maintain their own version of ansible. Both the products will consume fixes directly from ansible repository.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.2-20180622.0.el7_5.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.2-20180622.0.el7_5.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.0.20-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.0.20-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.0.20-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-4.3.el7.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-4.3.el7.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.2-4.3.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10855"
},
{
"category": "external",
"summary": "RHBZ#1588855",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588855"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10855",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10855"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10855",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10855"
},
{
"category": "external",
"summary": "https://github.com/ansible/ansible/pull/41414",
"url": "https://github.com/ansible/ansible/pull/41414"
}
],
"release_date": "2018-06-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-06-28T05:21:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.2-20180622.0.el7_5.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.2-20180622.0.el7_5.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.0.20-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.0.20-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.0.20-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-4.3.el7.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-4.3.el7.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.2-4.3.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2079"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.2-20180622.0.el7_5.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.2-20180622.0.el7_5.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.0.20-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.0.20-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.0.20-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-4.3.el7.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-4.3.el7.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.2-4.3.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs"
}
]
}
RHSA-2019:0054
Vulnerability from csaf_redhat - Published: 2019-01-16 17:11 - Updated: 2025-11-21 18:07Summary
Red Hat Security Advisory: ansible security update
Notes
Topic
An update for ansible is now available for Red Hat OpenStack Platform 10.0 (Newton).
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.
Security Fix(es):
* ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs (CVE-2018-10855)
* ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution (CVE-2018-10874)
* ansible: ansible.cfg is being read from current working directory allowing possible code execution (CVE-2018-10875)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank Tobias Henkel (BMW Car IT GmbH) for reporting CVE-2018-10855 and Michael Scherer (OSAS) for reporting CVE-2018-10874. The CVE-2018-10875 issue was discovered by Brian Coca (Red Hat).
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for ansible is now available for Red Hat OpenStack Platform 10.0 (Newton).\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.\n\nSecurity Fix(es):\n\n* ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs (CVE-2018-10855)\n\n* ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution (CVE-2018-10874)\n\n* ansible: ansible.cfg is being read from current working directory allowing possible code execution (CVE-2018-10875)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Tobias Henkel (BMW Car IT GmbH) for reporting CVE-2018-10855 and Michael Scherer (OSAS) for reporting CVE-2018-10874. The CVE-2018-10875 issue was discovered by Brian Coca (Red Hat).",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:0054",
"url": "https://access.redhat.com/errata/RHSA-2019:0054"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1588855",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588855"
},
{
"category": "external",
"summary": "1596528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596528"
},
{
"category": "external",
"summary": "1596533",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596533"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_0054.json"
}
],
"title": "Red Hat Security Advisory: ansible security update",
"tracking": {
"current_release_date": "2025-11-21T18:07:18+00:00",
"generator": {
"date": "2025-11-21T18:07:18+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2019:0054",
"initial_release_date": "2019-01-16T17:11:06+00:00",
"revision_history": [
{
"date": "2019-01-16T17:11:06+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-01-16T17:11:06+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:07:18+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenStack Platform 10.0",
"product": {
"name": "Red Hat OpenStack Platform 10.0",
"product_id": "7Server-RH7-RHOS-10.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:10::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-0:2.4.6.0-1.el7ae.src",
"product": {
"name": "ansible-0:2.4.6.0-1.el7ae.src",
"product_id": "ansible-0:2.4.6.0-1.el7ae.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible@2.4.6.0-1.el7ae?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-0:2.4.6.0-1.el7ae.noarch",
"product": {
"name": "ansible-0:2.4.6.0-1.el7ae.noarch",
"product_id": "ansible-0:2.4.6.0-1.el7ae.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible@2.4.6.0-1.el7ae?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-0:2.4.6.0-1.el7ae.noarch as a component of Red Hat OpenStack Platform 10.0",
"product_id": "7Server-RH7-RHOS-10.0:ansible-0:2.4.6.0-1.el7ae.noarch"
},
"product_reference": "ansible-0:2.4.6.0-1.el7ae.noarch",
"relates_to_product_reference": "7Server-RH7-RHOS-10.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-0:2.4.6.0-1.el7ae.src as a component of Red Hat OpenStack Platform 10.0",
"product_id": "7Server-RH7-RHOS-10.0:ansible-0:2.4.6.0-1.el7ae.src"
},
"product_reference": "ansible-0:2.4.6.0-1.el7ae.src",
"relates_to_product_reference": "7Server-RH7-RHOS-10.0"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Tobias Henkel"
],
"organization": "BMW Car IT GmbH"
}
],
"cve": "CVE-2018-10855",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"discovery_date": "2018-06-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1588855"
}
],
"notes": [
{
"category": "description",
"text": "Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Gluster Storage 3 and Red Hat Ceph Storage 3 ships the affected version of ansible, but they no longer maintain their own version of ansible. Both the products will consume fixes directly from ansible repository.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOS-10.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-10.0:ansible-0:2.4.6.0-1.el7ae.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10855"
},
{
"category": "external",
"summary": "RHBZ#1588855",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588855"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10855",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10855"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10855",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10855"
},
{
"category": "external",
"summary": "https://github.com/ansible/ansible/pull/41414",
"url": "https://github.com/ansible/ansible/pull/41414"
}
],
"release_date": "2018-06-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-01-16T17:11:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-RHOS-10.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-10.0:ansible-0:2.4.6.0-1.el7ae.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0054"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOS-10.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-10.0:ansible-0:2.4.6.0-1.el7ae.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs"
},
{
"acknowledgments": [
{
"names": [
"Michael Scherer"
],
"organization": "OSAS"
}
],
"cve": "CVE-2018-10874",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-06-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1596528"
}
],
"notes": [
{
"category": "description",
"text": "In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker\u0027s control, allowing to run arbitrary code as a result.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Gluster Storage 3 and Red Hat Ceph Storage 3 ships the affected version of ansible, but they no longer maintain their own version of ansible. Both the products will consume fixes directly from ansible repository.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOS-10.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-10.0:ansible-0:2.4.6.0-1.el7ae.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10874"
},
{
"category": "external",
"summary": "RHBZ#1596528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10874",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10874"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10874",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10874"
}
],
"release_date": "2018-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-01-16T17:11:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-RHOS-10.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-10.0:ansible-0:2.4.6.0-1.el7ae.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0054"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOS-10.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-10.0:ansible-0:2.4.6.0-1.el7ae.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution"
},
{
"acknowledgments": [
{
"names": [
"Brian Coca"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2018-10875",
"cwe": {
"id": "CWE-426",
"name": "Untrusted Search Path"
},
"discovery_date": "2018-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1596533"
}
],
"notes": [
{
"category": "description",
"text": "It was found that ansible.cfg is being read from the current working directory, which can be made to point to plugin or module paths that are under control of the attacker. This could allow an attacker to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: ansible.cfg is being read from current working directory allowing possible code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Gluster Storage 3 and Red Hat Ceph Storage 3 ships the affected version of ansible, but they no longer maintain their own version of ansible. Both the products will consume fixes directly from ansible repository.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOS-10.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-10.0:ansible-0:2.4.6.0-1.el7ae.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10875"
},
{
"category": "external",
"summary": "RHBZ#1596533",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596533"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10875",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10875"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10875",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10875"
}
],
"release_date": "2018-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-01-16T17:11:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-RHOS-10.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-10.0:ansible-0:2.4.6.0-1.el7ae.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0054"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOS-10.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-10.0:ansible-0:2.4.6.0-1.el7ae.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ansible: ansible.cfg is being read from current working directory allowing possible code execution"
}
]
}
RHSA-2018_2022
Vulnerability from csaf_redhat - Published: 2018-06-26 17:12 - Updated: 2024-11-14 23:43Summary
Red Hat Security Advisory: ansible security and bug fix update
Notes
Topic
An update for ansible is now available for Red Hat Ansible Engine 2.4 for RHEL 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.
The following packages have been upgraded to a newer upstream version: ansible (2.4.5)
Security fix(es):
* ansible: Ansible through version 2.5 does not properly honour the no_log option with failed task iterations. When a list of secret items is supplied to a task and a task iteration fails, secrets can be disclosed in logs despite the no_log option being enabled. (CVE-2018-10855)
Red Hat would like to thank Tobias Henkel (BMW Car IT GmbH) for reporting these issues.
Bug Fix(es):
* Fixed win_copy to preserve the global Ansible local tmp path instead of
deleting it when dealing with multiple files
(https://github.com/ansible/ansible/pull/37964)
* Fixed Windows setup.ps1 for slow performance in large domain environments
(https://github.com/ansible/ansible/pull/38646)
* Fixed eos_logging idempotency issue when trying to set both logging
destination & facility
(https://github.com/ansible/ansible/pull/40604)
* Fixed ios_logging idempotency issue when trying to set both logging
destination & facility
(https://github.com/ansible/ansible/pull/41076)
See https://github.com/ansible/ansible/blob/v2.4.5.0-1/CHANGELOG.md for details on this release.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for ansible is now available for Red Hat Ansible Engine 2.4 for RHEL 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.\n\nThe following packages have been upgraded to a newer upstream version: ansible (2.4.5)\n\nSecurity fix(es):\n\n* ansible: Ansible through version 2.5 does not properly honour the no_log option with failed task iterations. When a list of secret items is supplied to a task and a task iteration fails, secrets can be disclosed in logs despite the no_log option being enabled. (CVE-2018-10855)\n\nRed Hat would like to thank Tobias Henkel (BMW Car IT GmbH) for reporting these issues.\n\nBug Fix(es):\n\n* Fixed win_copy to preserve the global Ansible local tmp path instead of\n deleting it when dealing with multiple files\n (https://github.com/ansible/ansible/pull/37964)\n\n* Fixed Windows setup.ps1 for slow performance in large domain environments\n (https://github.com/ansible/ansible/pull/38646)\n\n* Fixed eos_logging idempotency issue when trying to set both logging \n destination \u0026 facility\n (https://github.com/ansible/ansible/pull/40604)\n\n* Fixed ios_logging idempotency issue when trying to set both logging \n destination \u0026 facility\n (https://github.com/ansible/ansible/pull/41076)\n\nSee https://github.com/ansible/ansible/blob/v2.4.5.0-1/CHANGELOG.md for details on this release.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:2022",
"url": "https://access.redhat.com/errata/RHSA-2018:2022"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1588855",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588855"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2022.json"
}
],
"title": "Red Hat Security Advisory: ansible security and bug fix update",
"tracking": {
"current_release_date": "2024-11-14T23:43:52+00:00",
"generator": {
"date": "2024-11-14T23:43:52+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2018:2022",
"initial_release_date": "2018-06-26T17:12:33+00:00",
"revision_history": [
{
"date": "2018-06-26T17:12:33+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-06-26T17:12:33+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T23:43:52+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ansible Engine 2.4 for RHEL 7 Server",
"product": {
"name": "Red Hat Ansible Engine 2.4 for RHEL 7 Server",
"product_id": "7Server-Ansible-2.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_engine:2.4::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ansible Engine"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-doc-0:2.4.5.0-1.el7ae.noarch",
"product": {
"name": "ansible-doc-0:2.4.5.0-1.el7ae.noarch",
"product_id": "ansible-doc-0:2.4.5.0-1.el7ae.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-doc@2.4.5.0-1.el7ae?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ansible-0:2.4.5.0-1.el7ae.noarch",
"product": {
"name": "ansible-0:2.4.5.0-1.el7ae.noarch",
"product_id": "ansible-0:2.4.5.0-1.el7ae.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible@2.4.5.0-1.el7ae?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-0:2.4.5.0-1.el7ae.src",
"product": {
"name": "ansible-0:2.4.5.0-1.el7ae.src",
"product_id": "ansible-0:2.4.5.0-1.el7ae.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible@2.4.5.0-1.el7ae?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-0:2.4.5.0-1.el7ae.noarch as a component of Red Hat Ansible Engine 2.4 for RHEL 7 Server",
"product_id": "7Server-Ansible-2.4:ansible-0:2.4.5.0-1.el7ae.noarch"
},
"product_reference": "ansible-0:2.4.5.0-1.el7ae.noarch",
"relates_to_product_reference": "7Server-Ansible-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-0:2.4.5.0-1.el7ae.src as a component of Red Hat Ansible Engine 2.4 for RHEL 7 Server",
"product_id": "7Server-Ansible-2.4:ansible-0:2.4.5.0-1.el7ae.src"
},
"product_reference": "ansible-0:2.4.5.0-1.el7ae.src",
"relates_to_product_reference": "7Server-Ansible-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-doc-0:2.4.5.0-1.el7ae.noarch as a component of Red Hat Ansible Engine 2.4 for RHEL 7 Server",
"product_id": "7Server-Ansible-2.4:ansible-doc-0:2.4.5.0-1.el7ae.noarch"
},
"product_reference": "ansible-doc-0:2.4.5.0-1.el7ae.noarch",
"relates_to_product_reference": "7Server-Ansible-2.4"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Tobias Henkel"
],
"organization": "BMW Car IT GmbH"
}
],
"cve": "CVE-2018-10855",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"discovery_date": "2018-06-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1588855"
}
],
"notes": [
{
"category": "description",
"text": "Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Gluster Storage 3 and Red Hat Ceph Storage 3 ships the affected version of ansible, but they no longer maintain their own version of ansible. Both the products will consume fixes directly from ansible repository.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-2.4:ansible-0:2.4.5.0-1.el7ae.noarch",
"7Server-Ansible-2.4:ansible-0:2.4.5.0-1.el7ae.src",
"7Server-Ansible-2.4:ansible-doc-0:2.4.5.0-1.el7ae.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10855"
},
{
"category": "external",
"summary": "RHBZ#1588855",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588855"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10855",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10855"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10855",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10855"
},
{
"category": "external",
"summary": "https://github.com/ansible/ansible/pull/41414",
"url": "https://github.com/ansible/ansible/pull/41414"
}
],
"release_date": "2018-06-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-06-26T17:12:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-Ansible-2.4:ansible-0:2.4.5.0-1.el7ae.noarch",
"7Server-Ansible-2.4:ansible-0:2.4.5.0-1.el7ae.src",
"7Server-Ansible-2.4:ansible-doc-0:2.4.5.0-1.el7ae.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2022"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-Ansible-2.4:ansible-0:2.4.5.0-1.el7ae.noarch",
"7Server-Ansible-2.4:ansible-0:2.4.5.0-1.el7ae.src",
"7Server-Ansible-2.4:ansible-doc-0:2.4.5.0-1.el7ae.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs"
}
]
}
RHSA-2018:2184
Vulnerability from csaf_redhat - Published: 2018-07-12 13:14 - Updated: 2025-11-21 18:05Summary
Red Hat Security Advisory: CloudForms 4.6.3 bug fix and enhancement update
Notes
Topic
An update is now available for CloudForms Management Engine 5.9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components.
Security fix(es):
* ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs (CVE-2018-10855)
Red Hat would like to thank Tobias Henkel (BMW Car IT GmbH) for reporting these issues.
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in the
References section.
Additional Changes:
This update fixes various bugs and adds enhancements. Documentation for these changes is available from the Release Notes document.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for CloudForms Management Engine 5.9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components.\n\nSecurity fix(es):\n\n* ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs (CVE-2018-10855)\n\nRed Hat would like to thank Tobias Henkel (BMW Car IT GmbH) for reporting these issues.\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in the\nReferences section.\n\nAdditional Changes:\n\nThis update fixes various bugs and adds enhancements. Documentation for these changes is available from the Release Notes document.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:2184",
"url": "https://access.redhat.com/errata/RHSA-2018:2184"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1536677",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1536677"
},
{
"category": "external",
"summary": "1553227",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553227"
},
{
"category": "external",
"summary": "1553383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553383"
},
{
"category": "external",
"summary": "1553795",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553795"
},
{
"category": "external",
"summary": "1563745",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1563745"
},
{
"category": "external",
"summary": "1565845",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1565845"
},
{
"category": "external",
"summary": "1565925",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1565925"
},
{
"category": "external",
"summary": "1566570",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566570"
},
{
"category": "external",
"summary": "1569170",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1569170"
},
{
"category": "external",
"summary": "1571303",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571303"
},
{
"category": "external",
"summary": "1572760",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1572760"
},
{
"category": "external",
"summary": "1574154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1574154"
},
{
"category": "external",
"summary": "1574569",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1574569"
},
{
"category": "external",
"summary": "1575713",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575713"
},
{
"category": "external",
"summary": "1576099",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1576099"
},
{
"category": "external",
"summary": "1577247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1577247"
},
{
"category": "external",
"summary": "1578121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578121"
},
{
"category": "external",
"summary": "1578124",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578124"
},
{
"category": "external",
"summary": "1578125",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578125"
},
{
"category": "external",
"summary": "1578126",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578126"
},
{
"category": "external",
"summary": "1578388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578388"
},
{
"category": "external",
"summary": "1578393",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578393"
},
{
"category": "external",
"summary": "1578394",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578394"
},
{
"category": "external",
"summary": "1578398",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578398"
},
{
"category": "external",
"summary": "1578400",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578400"
},
{
"category": "external",
"summary": "1578856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578856"
},
{
"category": "external",
"summary": "1578865",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578865"
},
{
"category": "external",
"summary": "1578954",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578954"
},
{
"category": "external",
"summary": "1578957",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578957"
},
{
"category": "external",
"summary": "1578964",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578964"
},
{
"category": "external",
"summary": "1578972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578972"
},
{
"category": "external",
"summary": "1578976",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578976"
},
{
"category": "external",
"summary": "1578986",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578986"
},
{
"category": "external",
"summary": "1578990",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578990"
},
{
"category": "external",
"summary": "1578996",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578996"
},
{
"category": "external",
"summary": "1580520",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1580520"
},
{
"category": "external",
"summary": "1580535",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1580535"
},
{
"category": "external",
"summary": "1581287",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1581287"
},
{
"category": "external",
"summary": "1581307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1581307"
},
{
"category": "external",
"summary": "1581386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1581386"
},
{
"category": "external",
"summary": "1583704",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1583704"
},
{
"category": "external",
"summary": "1583710",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1583710"
},
{
"category": "external",
"summary": "1583777",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1583777"
},
{
"category": "external",
"summary": "1583779",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1583779"
},
{
"category": "external",
"summary": "1583784",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1583784"
},
{
"category": "external",
"summary": "1583786",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1583786"
},
{
"category": "external",
"summary": "1583788",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1583788"
},
{
"category": "external",
"summary": "1583851",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1583851"
},
{
"category": "external",
"summary": "1584186",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1584186"
},
{
"category": "external",
"summary": "1584296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1584296"
},
{
"category": "external",
"summary": "1584406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1584406"
},
{
"category": "external",
"summary": "1584687",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1584687"
},
{
"category": "external",
"summary": "1584699",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1584699"
},
{
"category": "external",
"summary": "1585709",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1585709"
},
{
"category": "external",
"summary": "1585745",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1585745"
},
{
"category": "external",
"summary": "1585821",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1585821"
},
{
"category": "external",
"summary": "1586213",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1586213"
},
{
"category": "external",
"summary": "1588038",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588038"
},
{
"category": "external",
"summary": "1588042",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588042"
},
{
"category": "external",
"summary": "1588855",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588855"
},
{
"category": "external",
"summary": "1589837",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1589837"
},
{
"category": "external",
"summary": "1590346",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1590346"
},
{
"category": "external",
"summary": "1590353",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1590353"
},
{
"category": "external",
"summary": "1590426",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1590426"
},
{
"category": "external",
"summary": "1590430",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1590430"
},
{
"category": "external",
"summary": "1590846",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1590846"
},
{
"category": "external",
"summary": "1591422",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591422"
},
{
"category": "external",
"summary": "1591423",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591423"
},
{
"category": "external",
"summary": "1591425",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591425"
},
{
"category": "external",
"summary": "1591427",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591427"
},
{
"category": "external",
"summary": "1591429",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591429"
},
{
"category": "external",
"summary": "1591450",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591450"
},
{
"category": "external",
"summary": "1591484",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591484"
},
{
"category": "external",
"summary": "1591939",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591939"
},
{
"category": "external",
"summary": "1592414",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1592414"
},
{
"category": "external",
"summary": "1592504",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1592504"
},
{
"category": "external",
"summary": "1592852",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1592852"
},
{
"category": "external",
"summary": "1592913",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1592913"
},
{
"category": "external",
"summary": "1592973",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1592973"
},
{
"category": "external",
"summary": "1593677",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593677"
},
{
"category": "external",
"summary": "1593684",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593684"
},
{
"category": "external",
"summary": "1593797",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593797"
},
{
"category": "external",
"summary": "1594027",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1594027"
},
{
"category": "external",
"summary": "1594268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1594268"
},
{
"category": "external",
"summary": "1594275",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1594275"
},
{
"category": "external",
"summary": "1594324",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1594324"
},
{
"category": "external",
"summary": "1594386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1594386"
},
{
"category": "external",
"summary": "1594831",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1594831"
},
{
"category": "external",
"summary": "1594833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1594833"
},
{
"category": "external",
"summary": "1594839",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1594839"
},
{
"category": "external",
"summary": "1595324",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595324"
},
{
"category": "external",
"summary": "1595418",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595418"
},
{
"category": "external",
"summary": "1595734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595734"
},
{
"category": "external",
"summary": "1596248",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596248"
},
{
"category": "external",
"summary": "1596249",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596249"
},
{
"category": "external",
"summary": "1596314",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596314"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2184.json"
}
],
"title": "Red Hat Security Advisory: CloudForms 4.6.3 bug fix and enhancement update",
"tracking": {
"current_release_date": "2025-11-21T18:05:31+00:00",
"generator": {
"date": "2025-11-21T18:05:31+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2018:2184",
"initial_release_date": "2018-07-12T13:14:44+00:00",
"revision_history": [
{
"date": "2018-07-12T13:14:44+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-07-12T13:14:44+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:05:31+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "CloudForms Management Engine 5.9",
"product": {
"name": "CloudForms Management Engine 5.9",
"product_id": "7Server-RH7-CFME-5.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat CloudForms"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-tower-venv-tower-0:3.2.5-1.el7at.x86_64",
"product": {
"name": "ansible-tower-venv-tower-0:3.2.5-1.el7at.x86_64",
"product_id": "ansible-tower-venv-tower-0:3.2.5-1.el7at.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-tower-venv-tower@3.2.5-1.el7at?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ansible-tower-venv-ansible-0:3.2.5-1.el7at.x86_64",
"product": {
"name": "ansible-tower-venv-ansible-0:3.2.5-1.el7at.x86_64",
"product_id": "ansible-tower-venv-ansible-0:3.2.5-1.el7at.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-tower-venv-ansible@3.2.5-1.el7at?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ansible-tower-server-0:3.2.5-1.el7at.x86_64",
"product": {
"name": "ansible-tower-server-0:3.2.5-1.el7at.x86_64",
"product_id": "ansible-tower-server-0:3.2.5-1.el7at.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-tower-server@3.2.5-1.el7at?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ansible-tower-ui-0:3.2.5-1.el7at.x86_64",
"product": {
"name": "ansible-tower-ui-0:3.2.5-1.el7at.x86_64",
"product_id": "ansible-tower-ui-0:3.2.5-1.el7at.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-tower-ui@3.2.5-1.el7at?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ansible-tower-0:3.2.5-1.el7at.x86_64",
"product": {
"name": "ansible-tower-0:3.2.5-1.el7at.x86_64",
"product_id": "ansible-tower-0:3.2.5-1.el7at.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-tower@3.2.5-1.el7at?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ansible-tower-setup-0:3.2.5-1.el7at.x86_64",
"product": {
"name": "ansible-tower-setup-0:3.2.5-1.el7at.x86_64",
"product_id": "ansible-tower-setup-0:3.2.5-1.el7at.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-tower-setup@3.2.5-1.el7at?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-configmap-generator-0:0.2.2-1.1.el7cf.x86_64",
"product": {
"name": "httpd-configmap-generator-0:0.2.2-1.1.el7cf.x86_64",
"product_id": "httpd-configmap-generator-0:0.2.2-1.1.el7cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-configmap-generator@0.2.2-1.1.el7cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cfme-0:5.9.3.4-1.el7cf.x86_64",
"product": {
"name": "cfme-0:5.9.3.4-1.el7cf.x86_64",
"product_id": "cfme-0:5.9.3.4-1.el7cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme@5.9.3.4-1.el7cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cfme-debuginfo-0:5.9.3.4-1.el7cf.x86_64",
"product": {
"name": "cfme-debuginfo-0:5.9.3.4-1.el7cf.x86_64",
"product_id": "cfme-debuginfo-0:5.9.3.4-1.el7cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme-debuginfo@5.9.3.4-1.el7cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cfme-appliance-0:5.9.3.4-1.el7cf.x86_64",
"product": {
"name": "cfme-appliance-0:5.9.3.4-1.el7cf.x86_64",
"product_id": "cfme-appliance-0:5.9.3.4-1.el7cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme-appliance@5.9.3.4-1.el7cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cfme-appliance-tools-0:5.9.3.4-1.el7cf.x86_64",
"product": {
"name": "cfme-appliance-tools-0:5.9.3.4-1.el7cf.x86_64",
"product_id": "cfme-appliance-tools-0:5.9.3.4-1.el7cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme-appliance-tools@5.9.3.4-1.el7cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cfme-appliance-common-0:5.9.3.4-1.el7cf.x86_64",
"product": {
"name": "cfme-appliance-common-0:5.9.3.4-1.el7cf.x86_64",
"product_id": "cfme-appliance-common-0:5.9.3.4-1.el7cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme-appliance-common@5.9.3.4-1.el7cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cfme-appliance-debuginfo-0:5.9.3.4-1.el7cf.x86_64",
"product": {
"name": "cfme-appliance-debuginfo-0:5.9.3.4-1.el7cf.x86_64",
"product_id": "cfme-appliance-debuginfo-0:5.9.3.4-1.el7cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme-appliance-debuginfo@5.9.3.4-1.el7cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cfme-gemset-0:5.9.3.4-1.el7cf.x86_64",
"product": {
"name": "cfme-gemset-0:5.9.3.4-1.el7cf.x86_64",
"product_id": "cfme-gemset-0:5.9.3.4-1.el7cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme-gemset@5.9.3.4-1.el7cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cfme-gemset-debuginfo-0:5.9.3.4-1.el7cf.x86_64",
"product": {
"name": "cfme-gemset-debuginfo-0:5.9.3.4-1.el7cf.x86_64",
"product_id": "cfme-gemset-debuginfo-0:5.9.3.4-1.el7cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme-gemset-debuginfo@5.9.3.4-1.el7cf?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cfme-amazon-smartstate-0:5.9.3.4-1.el7cf.x86_64",
"product": {
"name": "cfme-amazon-smartstate-0:5.9.3.4-1.el7cf.x86_64",
"product_id": "cfme-amazon-smartstate-0:5.9.3.4-1.el7cf.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme-amazon-smartstate@5.9.3.4-1.el7cf?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-tower-0:3.2.5-1.el7at.src",
"product": {
"name": "ansible-tower-0:3.2.5-1.el7at.src",
"product_id": "ansible-tower-0:3.2.5-1.el7at.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-tower@3.2.5-1.el7at?arch=src"
}
}
},
{
"category": "product_version",
"name": "httpd-configmap-generator-0:0.2.2-1.1.el7cf.src",
"product": {
"name": "httpd-configmap-generator-0:0.2.2-1.1.el7cf.src",
"product_id": "httpd-configmap-generator-0:0.2.2-1.1.el7cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-configmap-generator@0.2.2-1.1.el7cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "ansible-0:2.4.5.0-1.el7ae.src",
"product": {
"name": "ansible-0:2.4.5.0-1.el7ae.src",
"product_id": "ansible-0:2.4.5.0-1.el7ae.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible@2.4.5.0-1.el7ae?arch=src"
}
}
},
{
"category": "product_version",
"name": "cfme-0:5.9.3.4-1.el7cf.src",
"product": {
"name": "cfme-0:5.9.3.4-1.el7cf.src",
"product_id": "cfme-0:5.9.3.4-1.el7cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme@5.9.3.4-1.el7cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "cfme-appliance-0:5.9.3.4-1.el7cf.src",
"product": {
"name": "cfme-appliance-0:5.9.3.4-1.el7cf.src",
"product_id": "cfme-appliance-0:5.9.3.4-1.el7cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme-appliance@5.9.3.4-1.el7cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "cfme-gemset-0:5.9.3.4-1.el7cf.src",
"product": {
"name": "cfme-gemset-0:5.9.3.4-1.el7cf.src",
"product_id": "cfme-gemset-0:5.9.3.4-1.el7cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme-gemset@5.9.3.4-1.el7cf?arch=src"
}
}
},
{
"category": "product_version",
"name": "cfme-amazon-smartstate-0:5.9.3.4-1.el7cf.src",
"product": {
"name": "cfme-amazon-smartstate-0:5.9.3.4-1.el7cf.src",
"product_id": "cfme-amazon-smartstate-0:5.9.3.4-1.el7cf.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cfme-amazon-smartstate@5.9.3.4-1.el7cf?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-doc-0:2.4.5.0-1.el7ae.noarch",
"product": {
"name": "ansible-doc-0:2.4.5.0-1.el7ae.noarch",
"product_id": "ansible-doc-0:2.4.5.0-1.el7ae.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-doc@2.4.5.0-1.el7ae?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ansible-0:2.4.5.0-1.el7ae.noarch",
"product": {
"name": "ansible-0:2.4.5.0-1.el7ae.noarch",
"product_id": "ansible-0:2.4.5.0-1.el7ae.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible@2.4.5.0-1.el7ae?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-0:2.4.5.0-1.el7ae.noarch as a component of CloudForms Management Engine 5.9",
"product_id": "7Server-RH7-CFME-5.9:ansible-0:2.4.5.0-1.el7ae.noarch"
},
"product_reference": "ansible-0:2.4.5.0-1.el7ae.noarch",
"relates_to_product_reference": "7Server-RH7-CFME-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-0:2.4.5.0-1.el7ae.src as a component of CloudForms Management Engine 5.9",
"product_id": "7Server-RH7-CFME-5.9:ansible-0:2.4.5.0-1.el7ae.src"
},
"product_reference": "ansible-0:2.4.5.0-1.el7ae.src",
"relates_to_product_reference": "7Server-RH7-CFME-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-doc-0:2.4.5.0-1.el7ae.noarch as a component of CloudForms Management Engine 5.9",
"product_id": "7Server-RH7-CFME-5.9:ansible-doc-0:2.4.5.0-1.el7ae.noarch"
},
"product_reference": "ansible-doc-0:2.4.5.0-1.el7ae.noarch",
"relates_to_product_reference": "7Server-RH7-CFME-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-tower-0:3.2.5-1.el7at.src as a component of CloudForms Management Engine 5.9",
"product_id": "7Server-RH7-CFME-5.9:ansible-tower-0:3.2.5-1.el7at.src"
},
"product_reference": "ansible-tower-0:3.2.5-1.el7at.src",
"relates_to_product_reference": "7Server-RH7-CFME-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-tower-0:3.2.5-1.el7at.x86_64 as a component of CloudForms Management Engine 5.9",
"product_id": "7Server-RH7-CFME-5.9:ansible-tower-0:3.2.5-1.el7at.x86_64"
},
"product_reference": "ansible-tower-0:3.2.5-1.el7at.x86_64",
"relates_to_product_reference": "7Server-RH7-CFME-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-tower-server-0:3.2.5-1.el7at.x86_64 as a component of CloudForms Management Engine 5.9",
"product_id": "7Server-RH7-CFME-5.9:ansible-tower-server-0:3.2.5-1.el7at.x86_64"
},
"product_reference": "ansible-tower-server-0:3.2.5-1.el7at.x86_64",
"relates_to_product_reference": "7Server-RH7-CFME-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-tower-setup-0:3.2.5-1.el7at.x86_64 as a component of CloudForms Management Engine 5.9",
"product_id": "7Server-RH7-CFME-5.9:ansible-tower-setup-0:3.2.5-1.el7at.x86_64"
},
"product_reference": "ansible-tower-setup-0:3.2.5-1.el7at.x86_64",
"relates_to_product_reference": "7Server-RH7-CFME-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-tower-ui-0:3.2.5-1.el7at.x86_64 as a component of CloudForms Management Engine 5.9",
"product_id": "7Server-RH7-CFME-5.9:ansible-tower-ui-0:3.2.5-1.el7at.x86_64"
},
"product_reference": "ansible-tower-ui-0:3.2.5-1.el7at.x86_64",
"relates_to_product_reference": "7Server-RH7-CFME-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-tower-venv-ansible-0:3.2.5-1.el7at.x86_64 as a component of CloudForms Management Engine 5.9",
"product_id": "7Server-RH7-CFME-5.9:ansible-tower-venv-ansible-0:3.2.5-1.el7at.x86_64"
},
"product_reference": "ansible-tower-venv-ansible-0:3.2.5-1.el7at.x86_64",
"relates_to_product_reference": "7Server-RH7-CFME-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-tower-venv-tower-0:3.2.5-1.el7at.x86_64 as a component of CloudForms Management Engine 5.9",
"product_id": "7Server-RH7-CFME-5.9:ansible-tower-venv-tower-0:3.2.5-1.el7at.x86_64"
},
"product_reference": "ansible-tower-venv-tower-0:3.2.5-1.el7at.x86_64",
"relates_to_product_reference": "7Server-RH7-CFME-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-0:5.9.3.4-1.el7cf.src as a component of CloudForms Management Engine 5.9",
"product_id": "7Server-RH7-CFME-5.9:cfme-0:5.9.3.4-1.el7cf.src"
},
"product_reference": "cfme-0:5.9.3.4-1.el7cf.src",
"relates_to_product_reference": "7Server-RH7-CFME-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-0:5.9.3.4-1.el7cf.x86_64 as a component of CloudForms Management Engine 5.9",
"product_id": "7Server-RH7-CFME-5.9:cfme-0:5.9.3.4-1.el7cf.x86_64"
},
"product_reference": "cfme-0:5.9.3.4-1.el7cf.x86_64",
"relates_to_product_reference": "7Server-RH7-CFME-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-amazon-smartstate-0:5.9.3.4-1.el7cf.src as a component of CloudForms Management Engine 5.9",
"product_id": "7Server-RH7-CFME-5.9:cfme-amazon-smartstate-0:5.9.3.4-1.el7cf.src"
},
"product_reference": "cfme-amazon-smartstate-0:5.9.3.4-1.el7cf.src",
"relates_to_product_reference": "7Server-RH7-CFME-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-amazon-smartstate-0:5.9.3.4-1.el7cf.x86_64 as a component of CloudForms Management Engine 5.9",
"product_id": "7Server-RH7-CFME-5.9:cfme-amazon-smartstate-0:5.9.3.4-1.el7cf.x86_64"
},
"product_reference": "cfme-amazon-smartstate-0:5.9.3.4-1.el7cf.x86_64",
"relates_to_product_reference": "7Server-RH7-CFME-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-appliance-0:5.9.3.4-1.el7cf.src as a component of CloudForms Management Engine 5.9",
"product_id": "7Server-RH7-CFME-5.9:cfme-appliance-0:5.9.3.4-1.el7cf.src"
},
"product_reference": "cfme-appliance-0:5.9.3.4-1.el7cf.src",
"relates_to_product_reference": "7Server-RH7-CFME-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-appliance-0:5.9.3.4-1.el7cf.x86_64 as a component of CloudForms Management Engine 5.9",
"product_id": "7Server-RH7-CFME-5.9:cfme-appliance-0:5.9.3.4-1.el7cf.x86_64"
},
"product_reference": "cfme-appliance-0:5.9.3.4-1.el7cf.x86_64",
"relates_to_product_reference": "7Server-RH7-CFME-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-appliance-common-0:5.9.3.4-1.el7cf.x86_64 as a component of CloudForms Management Engine 5.9",
"product_id": "7Server-RH7-CFME-5.9:cfme-appliance-common-0:5.9.3.4-1.el7cf.x86_64"
},
"product_reference": "cfme-appliance-common-0:5.9.3.4-1.el7cf.x86_64",
"relates_to_product_reference": "7Server-RH7-CFME-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-appliance-debuginfo-0:5.9.3.4-1.el7cf.x86_64 as a component of CloudForms Management Engine 5.9",
"product_id": "7Server-RH7-CFME-5.9:cfme-appliance-debuginfo-0:5.9.3.4-1.el7cf.x86_64"
},
"product_reference": "cfme-appliance-debuginfo-0:5.9.3.4-1.el7cf.x86_64",
"relates_to_product_reference": "7Server-RH7-CFME-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-appliance-tools-0:5.9.3.4-1.el7cf.x86_64 as a component of CloudForms Management Engine 5.9",
"product_id": "7Server-RH7-CFME-5.9:cfme-appliance-tools-0:5.9.3.4-1.el7cf.x86_64"
},
"product_reference": "cfme-appliance-tools-0:5.9.3.4-1.el7cf.x86_64",
"relates_to_product_reference": "7Server-RH7-CFME-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-debuginfo-0:5.9.3.4-1.el7cf.x86_64 as a component of CloudForms Management Engine 5.9",
"product_id": "7Server-RH7-CFME-5.9:cfme-debuginfo-0:5.9.3.4-1.el7cf.x86_64"
},
"product_reference": "cfme-debuginfo-0:5.9.3.4-1.el7cf.x86_64",
"relates_to_product_reference": "7Server-RH7-CFME-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-gemset-0:5.9.3.4-1.el7cf.src as a component of CloudForms Management Engine 5.9",
"product_id": "7Server-RH7-CFME-5.9:cfme-gemset-0:5.9.3.4-1.el7cf.src"
},
"product_reference": "cfme-gemset-0:5.9.3.4-1.el7cf.src",
"relates_to_product_reference": "7Server-RH7-CFME-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-gemset-0:5.9.3.4-1.el7cf.x86_64 as a component of CloudForms Management Engine 5.9",
"product_id": "7Server-RH7-CFME-5.9:cfme-gemset-0:5.9.3.4-1.el7cf.x86_64"
},
"product_reference": "cfme-gemset-0:5.9.3.4-1.el7cf.x86_64",
"relates_to_product_reference": "7Server-RH7-CFME-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cfme-gemset-debuginfo-0:5.9.3.4-1.el7cf.x86_64 as a component of CloudForms Management Engine 5.9",
"product_id": "7Server-RH7-CFME-5.9:cfme-gemset-debuginfo-0:5.9.3.4-1.el7cf.x86_64"
},
"product_reference": "cfme-gemset-debuginfo-0:5.9.3.4-1.el7cf.x86_64",
"relates_to_product_reference": "7Server-RH7-CFME-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-configmap-generator-0:0.2.2-1.1.el7cf.src as a component of CloudForms Management Engine 5.9",
"product_id": "7Server-RH7-CFME-5.9:httpd-configmap-generator-0:0.2.2-1.1.el7cf.src"
},
"product_reference": "httpd-configmap-generator-0:0.2.2-1.1.el7cf.src",
"relates_to_product_reference": "7Server-RH7-CFME-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-configmap-generator-0:0.2.2-1.1.el7cf.x86_64 as a component of CloudForms Management Engine 5.9",
"product_id": "7Server-RH7-CFME-5.9:httpd-configmap-generator-0:0.2.2-1.1.el7cf.x86_64"
},
"product_reference": "httpd-configmap-generator-0:0.2.2-1.1.el7cf.x86_64",
"relates_to_product_reference": "7Server-RH7-CFME-5.9"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Tobias Henkel"
],
"organization": "BMW Car IT GmbH"
}
],
"cve": "CVE-2018-10855",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"discovery_date": "2018-06-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1588855"
}
],
"notes": [
{
"category": "description",
"text": "Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Gluster Storage 3 and Red Hat Ceph Storage 3 ships the affected version of ansible, but they no longer maintain their own version of ansible. Both the products will consume fixes directly from ansible repository.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-CFME-5.9:ansible-0:2.4.5.0-1.el7ae.noarch",
"7Server-RH7-CFME-5.9:ansible-0:2.4.5.0-1.el7ae.src",
"7Server-RH7-CFME-5.9:ansible-doc-0:2.4.5.0-1.el7ae.noarch",
"7Server-RH7-CFME-5.9:ansible-tower-0:3.2.5-1.el7at.src",
"7Server-RH7-CFME-5.9:ansible-tower-0:3.2.5-1.el7at.x86_64",
"7Server-RH7-CFME-5.9:ansible-tower-server-0:3.2.5-1.el7at.x86_64",
"7Server-RH7-CFME-5.9:ansible-tower-setup-0:3.2.5-1.el7at.x86_64",
"7Server-RH7-CFME-5.9:ansible-tower-ui-0:3.2.5-1.el7at.x86_64",
"7Server-RH7-CFME-5.9:ansible-tower-venv-ansible-0:3.2.5-1.el7at.x86_64",
"7Server-RH7-CFME-5.9:ansible-tower-venv-tower-0:3.2.5-1.el7at.x86_64",
"7Server-RH7-CFME-5.9:cfme-0:5.9.3.4-1.el7cf.src",
"7Server-RH7-CFME-5.9:cfme-0:5.9.3.4-1.el7cf.x86_64",
"7Server-RH7-CFME-5.9:cfme-amazon-smartstate-0:5.9.3.4-1.el7cf.src",
"7Server-RH7-CFME-5.9:cfme-amazon-smartstate-0:5.9.3.4-1.el7cf.x86_64",
"7Server-RH7-CFME-5.9:cfme-appliance-0:5.9.3.4-1.el7cf.src",
"7Server-RH7-CFME-5.9:cfme-appliance-0:5.9.3.4-1.el7cf.x86_64",
"7Server-RH7-CFME-5.9:cfme-appliance-common-0:5.9.3.4-1.el7cf.x86_64",
"7Server-RH7-CFME-5.9:cfme-appliance-debuginfo-0:5.9.3.4-1.el7cf.x86_64",
"7Server-RH7-CFME-5.9:cfme-appliance-tools-0:5.9.3.4-1.el7cf.x86_64",
"7Server-RH7-CFME-5.9:cfme-debuginfo-0:5.9.3.4-1.el7cf.x86_64",
"7Server-RH7-CFME-5.9:cfme-gemset-0:5.9.3.4-1.el7cf.src",
"7Server-RH7-CFME-5.9:cfme-gemset-0:5.9.3.4-1.el7cf.x86_64",
"7Server-RH7-CFME-5.9:cfme-gemset-debuginfo-0:5.9.3.4-1.el7cf.x86_64",
"7Server-RH7-CFME-5.9:httpd-configmap-generator-0:0.2.2-1.1.el7cf.src",
"7Server-RH7-CFME-5.9:httpd-configmap-generator-0:0.2.2-1.1.el7cf.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10855"
},
{
"category": "external",
"summary": "RHBZ#1588855",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588855"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10855",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10855"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10855",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10855"
},
{
"category": "external",
"summary": "https://github.com/ansible/ansible/pull/41414",
"url": "https://github.com/ansible/ansible/pull/41414"
}
],
"release_date": "2018-06-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-07-12T13:14:44+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-CFME-5.9:ansible-0:2.4.5.0-1.el7ae.noarch",
"7Server-RH7-CFME-5.9:ansible-0:2.4.5.0-1.el7ae.src",
"7Server-RH7-CFME-5.9:ansible-doc-0:2.4.5.0-1.el7ae.noarch",
"7Server-RH7-CFME-5.9:ansible-tower-0:3.2.5-1.el7at.src",
"7Server-RH7-CFME-5.9:ansible-tower-0:3.2.5-1.el7at.x86_64",
"7Server-RH7-CFME-5.9:ansible-tower-server-0:3.2.5-1.el7at.x86_64",
"7Server-RH7-CFME-5.9:ansible-tower-setup-0:3.2.5-1.el7at.x86_64",
"7Server-RH7-CFME-5.9:ansible-tower-ui-0:3.2.5-1.el7at.x86_64",
"7Server-RH7-CFME-5.9:ansible-tower-venv-ansible-0:3.2.5-1.el7at.x86_64",
"7Server-RH7-CFME-5.9:ansible-tower-venv-tower-0:3.2.5-1.el7at.x86_64",
"7Server-RH7-CFME-5.9:cfme-0:5.9.3.4-1.el7cf.src",
"7Server-RH7-CFME-5.9:cfme-0:5.9.3.4-1.el7cf.x86_64",
"7Server-RH7-CFME-5.9:cfme-amazon-smartstate-0:5.9.3.4-1.el7cf.src",
"7Server-RH7-CFME-5.9:cfme-amazon-smartstate-0:5.9.3.4-1.el7cf.x86_64",
"7Server-RH7-CFME-5.9:cfme-appliance-0:5.9.3.4-1.el7cf.src",
"7Server-RH7-CFME-5.9:cfme-appliance-0:5.9.3.4-1.el7cf.x86_64",
"7Server-RH7-CFME-5.9:cfme-appliance-common-0:5.9.3.4-1.el7cf.x86_64",
"7Server-RH7-CFME-5.9:cfme-appliance-debuginfo-0:5.9.3.4-1.el7cf.x86_64",
"7Server-RH7-CFME-5.9:cfme-appliance-tools-0:5.9.3.4-1.el7cf.x86_64",
"7Server-RH7-CFME-5.9:cfme-debuginfo-0:5.9.3.4-1.el7cf.x86_64",
"7Server-RH7-CFME-5.9:cfme-gemset-0:5.9.3.4-1.el7cf.src",
"7Server-RH7-CFME-5.9:cfme-gemset-0:5.9.3.4-1.el7cf.x86_64",
"7Server-RH7-CFME-5.9:cfme-gemset-debuginfo-0:5.9.3.4-1.el7cf.x86_64",
"7Server-RH7-CFME-5.9:httpd-configmap-generator-0:0.2.2-1.1.el7cf.src",
"7Server-RH7-CFME-5.9:httpd-configmap-generator-0:0.2.2-1.1.el7cf.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2184"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-RH7-CFME-5.9:ansible-0:2.4.5.0-1.el7ae.noarch",
"7Server-RH7-CFME-5.9:ansible-0:2.4.5.0-1.el7ae.src",
"7Server-RH7-CFME-5.9:ansible-doc-0:2.4.5.0-1.el7ae.noarch",
"7Server-RH7-CFME-5.9:ansible-tower-0:3.2.5-1.el7at.src",
"7Server-RH7-CFME-5.9:ansible-tower-0:3.2.5-1.el7at.x86_64",
"7Server-RH7-CFME-5.9:ansible-tower-server-0:3.2.5-1.el7at.x86_64",
"7Server-RH7-CFME-5.9:ansible-tower-setup-0:3.2.5-1.el7at.x86_64",
"7Server-RH7-CFME-5.9:ansible-tower-ui-0:3.2.5-1.el7at.x86_64",
"7Server-RH7-CFME-5.9:ansible-tower-venv-ansible-0:3.2.5-1.el7at.x86_64",
"7Server-RH7-CFME-5.9:ansible-tower-venv-tower-0:3.2.5-1.el7at.x86_64",
"7Server-RH7-CFME-5.9:cfme-0:5.9.3.4-1.el7cf.src",
"7Server-RH7-CFME-5.9:cfme-0:5.9.3.4-1.el7cf.x86_64",
"7Server-RH7-CFME-5.9:cfme-amazon-smartstate-0:5.9.3.4-1.el7cf.src",
"7Server-RH7-CFME-5.9:cfme-amazon-smartstate-0:5.9.3.4-1.el7cf.x86_64",
"7Server-RH7-CFME-5.9:cfme-appliance-0:5.9.3.4-1.el7cf.src",
"7Server-RH7-CFME-5.9:cfme-appliance-0:5.9.3.4-1.el7cf.x86_64",
"7Server-RH7-CFME-5.9:cfme-appliance-common-0:5.9.3.4-1.el7cf.x86_64",
"7Server-RH7-CFME-5.9:cfme-appliance-debuginfo-0:5.9.3.4-1.el7cf.x86_64",
"7Server-RH7-CFME-5.9:cfme-appliance-tools-0:5.9.3.4-1.el7cf.x86_64",
"7Server-RH7-CFME-5.9:cfme-debuginfo-0:5.9.3.4-1.el7cf.x86_64",
"7Server-RH7-CFME-5.9:cfme-gemset-0:5.9.3.4-1.el7cf.src",
"7Server-RH7-CFME-5.9:cfme-gemset-0:5.9.3.4-1.el7cf.x86_64",
"7Server-RH7-CFME-5.9:cfme-gemset-debuginfo-0:5.9.3.4-1.el7cf.x86_64",
"7Server-RH7-CFME-5.9:httpd-configmap-generator-0:0.2.2-1.1.el7cf.src",
"7Server-RH7-CFME-5.9:httpd-configmap-generator-0:0.2.2-1.1.el7cf.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs"
}
]
}
RHBA-2018_3788
Vulnerability from csaf_redhat - Published: 2018-12-05 19:01 - Updated: 2024-11-14 23:32Summary
Red Hat Bug Fix Advisory: Red Hat OpenStack Platform 12 Bug Fix and Enhancement Advisory
Notes
Topic
Updated packages that resolve various issues are now available for Red Hat
OpenStack Platform 12.0 (Pike) for RHEL 7.
Details
Red Hat OpenStack Platform provides the facilities for building, deploying
and monitoring a private or public infrastructure-as-a-service (IaaS) cloud
running on commonly available physical hardware.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated packages that resolve various issues are now available for Red Hat\nOpenStack Platform 12.0 (Pike) for RHEL 7.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenStack Platform provides the facilities for building, deploying\nand monitoring a private or public infrastructure-as-a-service (IaaS) cloud\nrunning on commonly available physical hardware.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2018:3788",
"url": "https://access.redhat.com/errata/RHBA-2018:3788"
},
{
"category": "external",
"summary": "1568591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1568591"
},
{
"category": "external",
"summary": "1644801",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644801"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhba-2018_3788.json"
}
],
"title": "Red Hat Bug Fix Advisory: Red Hat OpenStack Platform 12 Bug Fix and Enhancement Advisory",
"tracking": {
"current_release_date": "2024-11-14T23:32:57+00:00",
"generator": {
"date": "2024-11-14T23:32:57+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHBA-2018:3788",
"initial_release_date": "2018-12-05T19:01:13+00:00",
"revision_history": [
{
"date": "2018-12-05T19:01:13+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-12-05T19:01:13+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T23:32:57+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenStack Platform 12.0",
"product": {
"name": "Red Hat OpenStack Platform 12.0",
"product_id": "7Server-RH7-RHOS-12.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:12::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-0:2.4.6.0-1.el7ae.src",
"product": {
"name": "ansible-0:2.4.6.0-1.el7ae.src",
"product_id": "ansible-0:2.4.6.0-1.el7ae.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible@2.4.6.0-1.el7ae?arch=src"
}
}
},
{
"category": "product_version",
"name": "ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src",
"product": {
"name": "ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src",
"product_id": "ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-role-redhat-subscription@1.0.1-4.el7ost?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-0:2.4.6.0-1.el7ae.noarch",
"product": {
"name": "ansible-0:2.4.6.0-1.el7ae.noarch",
"product_id": "ansible-0:2.4.6.0-1.el7ae.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible@2.4.6.0-1.el7ae?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch",
"product": {
"name": "ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch",
"product_id": "ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-role-redhat-subscription@1.0.1-4.el7ost?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-0:2.4.6.0-1.el7ae.noarch as a component of Red Hat OpenStack Platform 12.0",
"product_id": "7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.noarch"
},
"product_reference": "ansible-0:2.4.6.0-1.el7ae.noarch",
"relates_to_product_reference": "7Server-RH7-RHOS-12.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-0:2.4.6.0-1.el7ae.src as a component of Red Hat OpenStack Platform 12.0",
"product_id": "7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.src"
},
"product_reference": "ansible-0:2.4.6.0-1.el7ae.src",
"relates_to_product_reference": "7Server-RH7-RHOS-12.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch as a component of Red Hat OpenStack Platform 12.0",
"product_id": "7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch"
},
"product_reference": "ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch",
"relates_to_product_reference": "7Server-RH7-RHOS-12.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src as a component of Red Hat OpenStack Platform 12.0",
"product_id": "7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src"
},
"product_reference": "ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src",
"relates_to_product_reference": "7Server-RH7-RHOS-12.0"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Tobias Henkel"
],
"organization": "BMW Car IT GmbH"
}
],
"cve": "CVE-2018-10855",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"discovery_date": "2018-06-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1588855"
}
],
"notes": [
{
"category": "description",
"text": "Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Gluster Storage 3 and Red Hat Ceph Storage 3 ships the affected version of ansible, but they no longer maintain their own version of ansible. Both the products will consume fixes directly from ansible repository.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.src",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10855"
},
{
"category": "external",
"summary": "RHBZ#1588855",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588855"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10855",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10855"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10855",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10855"
},
{
"category": "external",
"summary": "https://github.com/ansible/ansible/pull/41414",
"url": "https://github.com/ansible/ansible/pull/41414"
}
],
"release_date": "2018-06-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-12-05T19:01:13+00:00",
"details": "Before applying this update, ensure all previously released errata relevant\nto your system have been applied.\n\nRed Hat OpenStack Platform 12 runs on Red Hat Enterprise Linux 7.5.\n\nThe Red Hat OpenStack Platform 12 Release Notes contain the following:\n* An explanation of the way in which the provided components interact to\nform a working cloud computing environment.\n* Technology Previews, Recommended Practices, and Known Issues.\n* The channels required for Red Hat OpenStack Platform 12, including which\nchannels need to be enabled and disabled.\n\nThe Release Notes are available at:\nhttps://access.redhat.com/documentation/en-us/red_hat_openstack_platform/12/html/release_notes/\n\nThis update is available through \u0027yum update\u0027 on systems registered through\nRed Hat Subscription Manager. For more information about Red Hat\nSubscription Manager, see:\n\nhttps://access.redhat.com/documentation/en-US/Red_Hat_Subscription_Management/1/html/RHSM/index.html",
"product_ids": [
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.src",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2018:3788"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.src",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs"
},
{
"acknowledgments": [
{
"names": [
"Michael Scherer"
],
"organization": "OSAS"
}
],
"cve": "CVE-2018-10874",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-06-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1596528"
}
],
"notes": [
{
"category": "description",
"text": "In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker\u0027s control, allowing to run arbitrary code as a result.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Gluster Storage 3 and Red Hat Ceph Storage 3 ships the affected version of ansible, but they no longer maintain their own version of ansible. Both the products will consume fixes directly from ansible repository.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.src",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10874"
},
{
"category": "external",
"summary": "RHBZ#1596528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10874",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10874"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10874",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10874"
}
],
"release_date": "2018-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-12-05T19:01:13+00:00",
"details": "Before applying this update, ensure all previously released errata relevant\nto your system have been applied.\n\nRed Hat OpenStack Platform 12 runs on Red Hat Enterprise Linux 7.5.\n\nThe Red Hat OpenStack Platform 12 Release Notes contain the following:\n* An explanation of the way in which the provided components interact to\nform a working cloud computing environment.\n* Technology Previews, Recommended Practices, and Known Issues.\n* The channels required for Red Hat OpenStack Platform 12, including which\nchannels need to be enabled and disabled.\n\nThe Release Notes are available at:\nhttps://access.redhat.com/documentation/en-us/red_hat_openstack_platform/12/html/release_notes/\n\nThis update is available through \u0027yum update\u0027 on systems registered through\nRed Hat Subscription Manager. For more information about Red Hat\nSubscription Manager, see:\n\nhttps://access.redhat.com/documentation/en-US/Red_Hat_Subscription_Management/1/html/RHSM/index.html",
"product_ids": [
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.src",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2018:3788"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.src",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution"
},
{
"acknowledgments": [
{
"names": [
"Brian Coca"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2018-10875",
"cwe": {
"id": "CWE-426",
"name": "Untrusted Search Path"
},
"discovery_date": "2018-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1596533"
}
],
"notes": [
{
"category": "description",
"text": "It was found that ansible.cfg is being read from the current working directory, which can be made to point to plugin or module paths that are under control of the attacker. This could allow an attacker to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: ansible.cfg is being read from current working directory allowing possible code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Gluster Storage 3 and Red Hat Ceph Storage 3 ships the affected version of ansible, but they no longer maintain their own version of ansible. Both the products will consume fixes directly from ansible repository.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.src",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10875"
},
{
"category": "external",
"summary": "RHBZ#1596533",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596533"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10875",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10875"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10875",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10875"
}
],
"release_date": "2018-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-12-05T19:01:13+00:00",
"details": "Before applying this update, ensure all previously released errata relevant\nto your system have been applied.\n\nRed Hat OpenStack Platform 12 runs on Red Hat Enterprise Linux 7.5.\n\nThe Red Hat OpenStack Platform 12 Release Notes contain the following:\n* An explanation of the way in which the provided components interact to\nform a working cloud computing environment.\n* Technology Previews, Recommended Practices, and Known Issues.\n* The channels required for Red Hat OpenStack Platform 12, including which\nchannels need to be enabled and disabled.\n\nThe Release Notes are available at:\nhttps://access.redhat.com/documentation/en-us/red_hat_openstack_platform/12/html/release_notes/\n\nThis update is available through \u0027yum update\u0027 on systems registered through\nRed Hat Subscription Manager. For more information about Red Hat\nSubscription Manager, see:\n\nhttps://access.redhat.com/documentation/en-US/Red_Hat_Subscription_Management/1/html/RHSM/index.html",
"product_ids": [
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.src",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2018:3788"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.src",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ansible: ansible.cfg is being read from current working directory allowing possible code execution"
}
]
}
RHSA-2018:1949
Vulnerability from csaf_redhat - Published: 2018-06-19 19:27 - Updated: 2025-11-21 18:05Summary
Red Hat Security Advisory: ansible security and bug fix update
Notes
Topic
An update for ansible is now available for Red Hat Ansible Engine 2.5 for RHEL 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.
The following packages have been upgraded to a newer upstream version: ansible (2.5.5)
Security fix(es):
* ansible: Ansible through version 2.5 does not properly honour the no_log option with failed task iterations. When a list of secret items is supplied to a task and a task iteration fails, secrets can be disclosed in logs despite the no_log option being enabled. (CVE-2018-10855)
Red Hat would like to thank Tobias Henkel (BMW Car IT GmbH) for
reporting these issues.
Bug Fix(es):
* Changed the admin_users config option to not include "admin" by default
as admin is frequently used for a non-privileged account
(https://github.com/ansible/ansible/pull/41164)
* aws_s3 - add async support to the action plugin
(https://github.com/ansible/ansible/pull/40826)
* aws_s3 - fix decrypting vault files
(https://github.com/ansible/ansible/pull/39634)
* ec2_ami - cast the device_mapping volume size to an int
(https://github.com/ansible/ansible/pull/40938)
* eos_logging - fix idempotency issues
(https://github.com/ansible/ansible/pull/40604)
* cache plugins - a cache timeout of 0 means the cache will not expire.
* ios_logging - fix idempotency issues
(https://github.com/ansible/ansible/pull/41029)
* ios/nxos/eos_config - don't retrieve config in running_config when config
is provided for diff (https://github.com/ansible/ansible/pull/41400)
* nxos_banner - fix multiline banner issue
(https://github.com/ansible/ansible/pull/41026).
* nxos terminal plugin - fix output truncation
(https://github.com/ansible/ansible/pull/40960)
* nxos_l3_interface - fix no switchport issue with loopback and svi
interfaces (https://github.com/ansible/ansible/pull/37392).
* nxos_snapshot - fix compare_option
(https://github.com/ansible/ansible/pull/41386)
See
https://github.com/ansible/ansible/blob/v2.5.5/changelogs/CHANGELOG-v2.5.rst
for details on this release.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for ansible is now available for Red Hat Ansible Engine 2.5 for RHEL 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.\n\nThe following packages have been upgraded to a newer upstream version: ansible (2.5.5)\n\nSecurity fix(es):\n\n* ansible: Ansible through version 2.5 does not properly honour the no_log option with failed task iterations. When a list of secret items is supplied to a task and a task iteration fails, secrets can be disclosed in logs despite the no_log option being enabled. (CVE-2018-10855)\n\nRed Hat would like to thank Tobias Henkel (BMW Car IT GmbH) for\nreporting these issues.\n\nBug Fix(es):\n\n* Changed the admin_users config option to not include \"admin\" by default\nas admin is frequently used for a non-privileged account\n(https://github.com/ansible/ansible/pull/41164)\n\n* aws_s3 - add async support to the action plugin\n(https://github.com/ansible/ansible/pull/40826)\n\n* aws_s3 - fix decrypting vault files\n(https://github.com/ansible/ansible/pull/39634)\n\n* ec2_ami - cast the device_mapping volume size to an int\n(https://github.com/ansible/ansible/pull/40938)\n\n* eos_logging - fix idempotency issues\n(https://github.com/ansible/ansible/pull/40604)\n\n* cache plugins - a cache timeout of 0 means the cache will not expire.\n\n* ios_logging - fix idempotency issues\n(https://github.com/ansible/ansible/pull/41029)\n\n* ios/nxos/eos_config - don\u0027t retrieve config in running_config when config\nis provided for diff (https://github.com/ansible/ansible/pull/41400)\n\n* nxos_banner - fix multiline banner issue\n(https://github.com/ansible/ansible/pull/41026).\n\n* nxos terminal plugin - fix output truncation\n(https://github.com/ansible/ansible/pull/40960)\n\n* nxos_l3_interface - fix no switchport issue with loopback and svi\ninterfaces (https://github.com/ansible/ansible/pull/37392).\n\n* nxos_snapshot - fix compare_option\n(https://github.com/ansible/ansible/pull/41386)\n\nSee\nhttps://github.com/ansible/ansible/blob/v2.5.5/changelogs/CHANGELOG-v2.5.rst\nfor details on this release.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:1949",
"url": "https://access.redhat.com/errata/RHSA-2018:1949"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1588855",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588855"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_1949.json"
}
],
"title": "Red Hat Security Advisory: ansible security and bug fix update",
"tracking": {
"current_release_date": "2025-11-21T18:05:14+00:00",
"generator": {
"date": "2025-11-21T18:05:14+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2018:1949",
"initial_release_date": "2018-06-19T19:27:30+00:00",
"revision_history": [
{
"date": "2018-06-19T19:27:30+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-06-19T19:27:30+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:05:14+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ansible Engine 2.5 for RHEL 7 Server",
"product": {
"name": "Red Hat Ansible Engine 2.5 for RHEL 7 Server",
"product_id": "7Server-Ansible-2.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_engine:2.5::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ansible Engine"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-doc-0:2.5.5-1.el7ae.noarch",
"product": {
"name": "ansible-doc-0:2.5.5-1.el7ae.noarch",
"product_id": "ansible-doc-0:2.5.5-1.el7ae.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-doc@2.5.5-1.el7ae?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ansible-0:2.5.5-1.el7ae.noarch",
"product": {
"name": "ansible-0:2.5.5-1.el7ae.noarch",
"product_id": "ansible-0:2.5.5-1.el7ae.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible@2.5.5-1.el7ae?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-0:2.5.5-1.el7ae.src",
"product": {
"name": "ansible-0:2.5.5-1.el7ae.src",
"product_id": "ansible-0:2.5.5-1.el7ae.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible@2.5.5-1.el7ae?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-0:2.5.5-1.el7ae.noarch as a component of Red Hat Ansible Engine 2.5 for RHEL 7 Server",
"product_id": "7Server-Ansible-2.5:ansible-0:2.5.5-1.el7ae.noarch"
},
"product_reference": "ansible-0:2.5.5-1.el7ae.noarch",
"relates_to_product_reference": "7Server-Ansible-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-0:2.5.5-1.el7ae.src as a component of Red Hat Ansible Engine 2.5 for RHEL 7 Server",
"product_id": "7Server-Ansible-2.5:ansible-0:2.5.5-1.el7ae.src"
},
"product_reference": "ansible-0:2.5.5-1.el7ae.src",
"relates_to_product_reference": "7Server-Ansible-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-doc-0:2.5.5-1.el7ae.noarch as a component of Red Hat Ansible Engine 2.5 for RHEL 7 Server",
"product_id": "7Server-Ansible-2.5:ansible-doc-0:2.5.5-1.el7ae.noarch"
},
"product_reference": "ansible-doc-0:2.5.5-1.el7ae.noarch",
"relates_to_product_reference": "7Server-Ansible-2.5"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Tobias Henkel"
],
"organization": "BMW Car IT GmbH"
}
],
"cve": "CVE-2018-10855",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"discovery_date": "2018-06-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1588855"
}
],
"notes": [
{
"category": "description",
"text": "Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Gluster Storage 3 and Red Hat Ceph Storage 3 ships the affected version of ansible, but they no longer maintain their own version of ansible. Both the products will consume fixes directly from ansible repository.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-2.5:ansible-0:2.5.5-1.el7ae.noarch",
"7Server-Ansible-2.5:ansible-0:2.5.5-1.el7ae.src",
"7Server-Ansible-2.5:ansible-doc-0:2.5.5-1.el7ae.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10855"
},
{
"category": "external",
"summary": "RHBZ#1588855",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588855"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10855",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10855"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10855",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10855"
},
{
"category": "external",
"summary": "https://github.com/ansible/ansible/pull/41414",
"url": "https://github.com/ansible/ansible/pull/41414"
}
],
"release_date": "2018-06-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-06-19T19:27:30+00:00",
"details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-Ansible-2.5:ansible-0:2.5.5-1.el7ae.noarch",
"7Server-Ansible-2.5:ansible-0:2.5.5-1.el7ae.src",
"7Server-Ansible-2.5:ansible-doc-0:2.5.5-1.el7ae.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:1949"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-Ansible-2.5:ansible-0:2.5.5-1.el7ae.noarch",
"7Server-Ansible-2.5:ansible-0:2.5.5-1.el7ae.src",
"7Server-Ansible-2.5:ansible-doc-0:2.5.5-1.el7ae.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs"
}
]
}
RHSA-2018:2022
Vulnerability from csaf_redhat - Published: 2018-06-26 17:12 - Updated: 2025-11-21 18:05Summary
Red Hat Security Advisory: ansible security and bug fix update
Notes
Topic
An update for ansible is now available for Red Hat Ansible Engine 2.4 for RHEL 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.
The following packages have been upgraded to a newer upstream version: ansible (2.4.5)
Security fix(es):
* ansible: Ansible through version 2.5 does not properly honour the no_log option with failed task iterations. When a list of secret items is supplied to a task and a task iteration fails, secrets can be disclosed in logs despite the no_log option being enabled. (CVE-2018-10855)
Red Hat would like to thank Tobias Henkel (BMW Car IT GmbH) for reporting these issues.
Bug Fix(es):
* Fixed win_copy to preserve the global Ansible local tmp path instead of
deleting it when dealing with multiple files
(https://github.com/ansible/ansible/pull/37964)
* Fixed Windows setup.ps1 for slow performance in large domain environments
(https://github.com/ansible/ansible/pull/38646)
* Fixed eos_logging idempotency issue when trying to set both logging
destination & facility
(https://github.com/ansible/ansible/pull/40604)
* Fixed ios_logging idempotency issue when trying to set both logging
destination & facility
(https://github.com/ansible/ansible/pull/41076)
See https://github.com/ansible/ansible/blob/v2.4.5.0-1/CHANGELOG.md for details on this release.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for ansible is now available for Red Hat Ansible Engine 2.4 for RHEL 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.\n\nThe following packages have been upgraded to a newer upstream version: ansible (2.4.5)\n\nSecurity fix(es):\n\n* ansible: Ansible through version 2.5 does not properly honour the no_log option with failed task iterations. When a list of secret items is supplied to a task and a task iteration fails, secrets can be disclosed in logs despite the no_log option being enabled. (CVE-2018-10855)\n\nRed Hat would like to thank Tobias Henkel (BMW Car IT GmbH) for reporting these issues.\n\nBug Fix(es):\n\n* Fixed win_copy to preserve the global Ansible local tmp path instead of\n deleting it when dealing with multiple files\n (https://github.com/ansible/ansible/pull/37964)\n\n* Fixed Windows setup.ps1 for slow performance in large domain environments\n (https://github.com/ansible/ansible/pull/38646)\n\n* Fixed eos_logging idempotency issue when trying to set both logging \n destination \u0026 facility\n (https://github.com/ansible/ansible/pull/40604)\n\n* Fixed ios_logging idempotency issue when trying to set both logging \n destination \u0026 facility\n (https://github.com/ansible/ansible/pull/41076)\n\nSee https://github.com/ansible/ansible/blob/v2.4.5.0-1/CHANGELOG.md for details on this release.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:2022",
"url": "https://access.redhat.com/errata/RHSA-2018:2022"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1588855",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588855"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2022.json"
}
],
"title": "Red Hat Security Advisory: ansible security and bug fix update",
"tracking": {
"current_release_date": "2025-11-21T18:05:20+00:00",
"generator": {
"date": "2025-11-21T18:05:20+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2018:2022",
"initial_release_date": "2018-06-26T17:12:33+00:00",
"revision_history": [
{
"date": "2018-06-26T17:12:33+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-06-26T17:12:33+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:05:20+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ansible Engine 2.4 for RHEL 7 Server",
"product": {
"name": "Red Hat Ansible Engine 2.4 for RHEL 7 Server",
"product_id": "7Server-Ansible-2.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_engine:2.4::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ansible Engine"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-doc-0:2.4.5.0-1.el7ae.noarch",
"product": {
"name": "ansible-doc-0:2.4.5.0-1.el7ae.noarch",
"product_id": "ansible-doc-0:2.4.5.0-1.el7ae.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-doc@2.4.5.0-1.el7ae?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ansible-0:2.4.5.0-1.el7ae.noarch",
"product": {
"name": "ansible-0:2.4.5.0-1.el7ae.noarch",
"product_id": "ansible-0:2.4.5.0-1.el7ae.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible@2.4.5.0-1.el7ae?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-0:2.4.5.0-1.el7ae.src",
"product": {
"name": "ansible-0:2.4.5.0-1.el7ae.src",
"product_id": "ansible-0:2.4.5.0-1.el7ae.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible@2.4.5.0-1.el7ae?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-0:2.4.5.0-1.el7ae.noarch as a component of Red Hat Ansible Engine 2.4 for RHEL 7 Server",
"product_id": "7Server-Ansible-2.4:ansible-0:2.4.5.0-1.el7ae.noarch"
},
"product_reference": "ansible-0:2.4.5.0-1.el7ae.noarch",
"relates_to_product_reference": "7Server-Ansible-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-0:2.4.5.0-1.el7ae.src as a component of Red Hat Ansible Engine 2.4 for RHEL 7 Server",
"product_id": "7Server-Ansible-2.4:ansible-0:2.4.5.0-1.el7ae.src"
},
"product_reference": "ansible-0:2.4.5.0-1.el7ae.src",
"relates_to_product_reference": "7Server-Ansible-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-doc-0:2.4.5.0-1.el7ae.noarch as a component of Red Hat Ansible Engine 2.4 for RHEL 7 Server",
"product_id": "7Server-Ansible-2.4:ansible-doc-0:2.4.5.0-1.el7ae.noarch"
},
"product_reference": "ansible-doc-0:2.4.5.0-1.el7ae.noarch",
"relates_to_product_reference": "7Server-Ansible-2.4"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Tobias Henkel"
],
"organization": "BMW Car IT GmbH"
}
],
"cve": "CVE-2018-10855",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"discovery_date": "2018-06-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1588855"
}
],
"notes": [
{
"category": "description",
"text": "Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Gluster Storage 3 and Red Hat Ceph Storage 3 ships the affected version of ansible, but they no longer maintain their own version of ansible. Both the products will consume fixes directly from ansible repository.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-2.4:ansible-0:2.4.5.0-1.el7ae.noarch",
"7Server-Ansible-2.4:ansible-0:2.4.5.0-1.el7ae.src",
"7Server-Ansible-2.4:ansible-doc-0:2.4.5.0-1.el7ae.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10855"
},
{
"category": "external",
"summary": "RHBZ#1588855",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588855"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10855",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10855"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10855",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10855"
},
{
"category": "external",
"summary": "https://github.com/ansible/ansible/pull/41414",
"url": "https://github.com/ansible/ansible/pull/41414"
}
],
"release_date": "2018-06-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-06-26T17:12:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-Ansible-2.4:ansible-0:2.4.5.0-1.el7ae.noarch",
"7Server-Ansible-2.4:ansible-0:2.4.5.0-1.el7ae.src",
"7Server-Ansible-2.4:ansible-doc-0:2.4.5.0-1.el7ae.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2022"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-Ansible-2.4:ansible-0:2.4.5.0-1.el7ae.noarch",
"7Server-Ansible-2.4:ansible-0:2.4.5.0-1.el7ae.src",
"7Server-Ansible-2.4:ansible-doc-0:2.4.5.0-1.el7ae.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs"
}
]
}
OPENSUSE-SU-2024:10615-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
ansible-2.9.24-1.2 on GA media
Notes
Title of the patch
ansible-2.9.24-1.2 on GA media
Description of the patch
These are all security issues fixed in the ansible-2.9.24-1.2 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10615
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "ansible-2.9.24-1.2 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the ansible-2.9.24-1.2 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10615",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10615-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9587 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9587/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7466 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7466/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7481 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7481/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7550 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7550/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10855 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10855/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10875 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16837 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16837/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16859 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16859/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16876 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16876/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-10156 page",
"url": "https://www.suse.com/security/cve/CVE-2019-10156/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-10206 page",
"url": "https://www.suse.com/security/cve/CVE-2019-10206/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-10217 page",
"url": "https://www.suse.com/security/cve/CVE-2019-10217/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14846 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14846/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14856 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14856/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14858 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14858/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14864 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14864/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14904 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14904/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14905 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14905/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-3828 page",
"url": "https://www.suse.com/security/cve/CVE-2019-3828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10684 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10684/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10685 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10685/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10691 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10691/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10729 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10729/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14330 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14330/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14332 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14332/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1733 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1734 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1734/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1735 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1735/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1736 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1736/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1737 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1737/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1738 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1738/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1739 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1739/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1740 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1740/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1744 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1744/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1746 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1746/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1753 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1753/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-20178 page",
"url": "https://www.suse.com/security/cve/CVE-2021-20178/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-20180 page",
"url": "https://www.suse.com/security/cve/CVE-2021-20180/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-20191 page",
"url": "https://www.suse.com/security/cve/CVE-2021-20191/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-20228 page",
"url": "https://www.suse.com/security/cve/CVE-2021-20228/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3583 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3583/"
}
],
"title": "ansible-2.9.24-1.2 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10615-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ansible-2.9.24-1.2.aarch64",
"product": {
"name": "ansible-2.9.24-1.2.aarch64",
"product_id": "ansible-2.9.24-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "ansible-doc-2.9.24-1.2.aarch64",
"product": {
"name": "ansible-doc-2.9.24-1.2.aarch64",
"product_id": "ansible-doc-2.9.24-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "ansible-test-2.9.24-1.2.aarch64",
"product": {
"name": "ansible-test-2.9.24-1.2.aarch64",
"product_id": "ansible-test-2.9.24-1.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-2.9.24-1.2.ppc64le",
"product": {
"name": "ansible-2.9.24-1.2.ppc64le",
"product_id": "ansible-2.9.24-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "ansible-doc-2.9.24-1.2.ppc64le",
"product": {
"name": "ansible-doc-2.9.24-1.2.ppc64le",
"product_id": "ansible-doc-2.9.24-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "ansible-test-2.9.24-1.2.ppc64le",
"product": {
"name": "ansible-test-2.9.24-1.2.ppc64le",
"product_id": "ansible-test-2.9.24-1.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-2.9.24-1.2.s390x",
"product": {
"name": "ansible-2.9.24-1.2.s390x",
"product_id": "ansible-2.9.24-1.2.s390x"
}
},
{
"category": "product_version",
"name": "ansible-doc-2.9.24-1.2.s390x",
"product": {
"name": "ansible-doc-2.9.24-1.2.s390x",
"product_id": "ansible-doc-2.9.24-1.2.s390x"
}
},
{
"category": "product_version",
"name": "ansible-test-2.9.24-1.2.s390x",
"product": {
"name": "ansible-test-2.9.24-1.2.s390x",
"product_id": "ansible-test-2.9.24-1.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-2.9.24-1.2.x86_64",
"product": {
"name": "ansible-2.9.24-1.2.x86_64",
"product_id": "ansible-2.9.24-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "ansible-doc-2.9.24-1.2.x86_64",
"product": {
"name": "ansible-doc-2.9.24-1.2.x86_64",
"product_id": "ansible-doc-2.9.24-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "ansible-test-2.9.24-1.2.x86_64",
"product": {
"name": "ansible-test-2.9.24-1.2.x86_64",
"product_id": "ansible-test-2.9.24-1.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-2.9.24-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64"
},
"product_reference": "ansible-2.9.24-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-2.9.24-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le"
},
"product_reference": "ansible-2.9.24-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-2.9.24-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x"
},
"product_reference": "ansible-2.9.24-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-2.9.24-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64"
},
"product_reference": "ansible-2.9.24-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-doc-2.9.24-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64"
},
"product_reference": "ansible-doc-2.9.24-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-doc-2.9.24-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le"
},
"product_reference": "ansible-doc-2.9.24-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-doc-2.9.24-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x"
},
"product_reference": "ansible-doc-2.9.24-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-doc-2.9.24-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64"
},
"product_reference": "ansible-doc-2.9.24-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-test-2.9.24-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64"
},
"product_reference": "ansible-test-2.9.24-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-test-2.9.24-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le"
},
"product_reference": "ansible-test-2.9.24-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-test-2.9.24-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x"
},
"product_reference": "ansible-test-2.9.24-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-test-2.9.24-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
},
"product_reference": "ansible-test-2.9.24-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-9587",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9587"
}
],
"notes": [
{
"category": "general",
"text": "Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible\u0027s handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9587",
"url": "https://www.suse.com/security/cve/CVE-2016-9587"
},
{
"category": "external",
"summary": "SUSE Bug 1019021 for CVE-2016-9587",
"url": "https://bugzilla.suse.com/1019021"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-9587"
},
{
"cve": "CVE-2017-7466",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7466"
}
],
"notes": [
{
"category": "general",
"text": "Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7466",
"url": "https://www.suse.com/security/cve/CVE-2017-7466"
},
{
"category": "external",
"summary": "SUSE Bug 1019021 for CVE-2017-7466",
"url": "https://bugzilla.suse.com/1019021"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7466"
},
{
"cve": "CVE-2017-7481",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7481"
}
],
"notes": [
{
"category": "general",
"text": "Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as \u0027unsafe\u0027 and is not evaluated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7481",
"url": "https://www.suse.com/security/cve/CVE-2017-7481"
},
{
"category": "external",
"summary": "SUSE Bug 1038785 for CVE-2017-7481",
"url": "https://bugzilla.suse.com/1038785"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-7481"
},
{
"cve": "CVE-2017-7550",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7550"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host\u0027s logs. This flaw was fixed by not allowing passwords to be specified in the \"params\" argument, and noting this in the module documentation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7550",
"url": "https://www.suse.com/security/cve/CVE-2017-7550"
},
{
"category": "external",
"summary": "SUSE Bug 1035124 for CVE-2017-7550",
"url": "https://bugzilla.suse.com/1035124"
},
{
"category": "external",
"summary": "SUSE Bug 1065872 for CVE-2017-7550",
"url": "https://bugzilla.suse.com/1065872"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7550"
},
{
"cve": "CVE-2018-10855",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10855"
}
],
"notes": [
{
"category": "general",
"text": "Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10855",
"url": "https://www.suse.com/security/cve/CVE-2018-10855"
},
{
"category": "external",
"summary": "SUSE Bug 1097775 for CVE-2018-10855",
"url": "https://bugzilla.suse.com/1097775"
},
{
"category": "external",
"summary": "SUSE Bug 1099808 for CVE-2018-10855",
"url": "https://bugzilla.suse.com/1099808"
},
{
"category": "external",
"summary": "SUSE Bug 1109957 for CVE-2018-10855",
"url": "https://bugzilla.suse.com/1109957"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-10855"
},
{
"cve": "CVE-2018-10875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10875"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10875",
"url": "https://www.suse.com/security/cve/CVE-2018-10875"
},
{
"category": "external",
"summary": "SUSE Bug 1099808 for CVE-2018-10875",
"url": "https://bugzilla.suse.com/1099808"
},
{
"category": "external",
"summary": "SUSE Bug 1109957 for CVE-2018-10875",
"url": "https://bugzilla.suse.com/1109957"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-10875"
},
{
"cve": "CVE-2018-16837",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16837"
}
],
"notes": [
{
"category": "general",
"text": "Ansible \"User\" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those credentials in clear text form for every user which have access just to the process list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16837",
"url": "https://www.suse.com/security/cve/CVE-2018-16837"
},
{
"category": "external",
"summary": "SUSE Bug 1112959 for CVE-2018-16837",
"url": "https://bugzilla.suse.com/1112959"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-16837"
},
{
"cve": "CVE-2018-16859",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16859"
}
],
"notes": [
{
"category": "general",
"text": "Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for \u0027become\u0027 passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the plaintext password. Ansible Engine 2.8 and older are believed to be vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16859",
"url": "https://www.suse.com/security/cve/CVE-2018-16859"
},
{
"category": "external",
"summary": "SUSE Bug 1109957 for CVE-2018-16859",
"url": "https://bugzilla.suse.com/1109957"
},
{
"category": "external",
"summary": "SUSE Bug 1116587 for CVE-2018-16859",
"url": "https://bugzilla.suse.com/1116587"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16859"
},
{
"cve": "CVE-2018-16876",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16876"
}
],
"notes": [
{
"category": "general",
"text": "ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16876",
"url": "https://www.suse.com/security/cve/CVE-2018-16876"
},
{
"category": "external",
"summary": "SUSE Bug 1109957 for CVE-2018-16876",
"url": "https://bugzilla.suse.com/1109957"
},
{
"category": "external",
"summary": "SUSE Bug 1118896 for CVE-2018-16876",
"url": "https://bugzilla.suse.com/1118896"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2018-16876"
},
{
"cve": "CVE-2019-10156",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-10156"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-10156",
"url": "https://www.suse.com/security/cve/CVE-2019-10156"
},
{
"category": "external",
"summary": "SUSE Bug 1137528 for CVE-2019-10156",
"url": "https://bugzilla.suse.com/1137528"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-10156"
},
{
"cve": "CVE-2019-10206",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-10206"
}
],
"notes": [
{
"category": "general",
"text": "ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-10206",
"url": "https://www.suse.com/security/cve/CVE-2019-10206"
},
{
"category": "external",
"summary": "SUSE Bug 1142690 for CVE-2019-10206",
"url": "https://bugzilla.suse.com/1142690"
},
{
"category": "external",
"summary": "SUSE Bug 1154232 for CVE-2019-10206",
"url": "https://bugzilla.suse.com/1154232"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-10206"
},
{
"cve": "CVE-2019-10217",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-10217"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in ansible 2.8.0 before 2.8.4. Fields managing sensitive data should be set as such by no_log feature. Some of these fields in GCP modules are not set properly. service_account_contents() which is common class for all gcp modules is not setting no_log to True. Any sensitive data managed by that function would be leak as an output when running ansible playbooks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-10217",
"url": "https://www.suse.com/security/cve/CVE-2019-10217"
},
{
"category": "external",
"summary": "SUSE Bug 1144453 for CVE-2019-10217",
"url": "https://bugzilla.suse.com/1144453"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-10217"
},
{
"cve": "CVE-2019-14846",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14846"
}
],
"notes": [
{
"category": "general",
"text": "In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14846",
"url": "https://www.suse.com/security/cve/CVE-2019-14846"
},
{
"category": "external",
"summary": "SUSE Bug 1153452 for CVE-2019-14846",
"url": "https://bugzilla.suse.com/1153452"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2019-14846"
},
{
"cve": "CVE-2019-14856",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14856"
}
],
"notes": [
{
"category": "general",
"text": "ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14856",
"url": "https://www.suse.com/security/cve/CVE-2019-14856"
},
{
"category": "external",
"summary": "SUSE Bug 1154232 for CVE-2019-14856",
"url": "https://bugzilla.suse.com/1154232"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2019-14856"
},
{
"cve": "CVE-2019-14858",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14858"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name to the module will cause the task to fail before the no_log options in the sub parameters are processed. As a result, data in the sub parameter fields will not be masked and will be displayed if Ansible is run with increased verbosity and present in the module invocation arguments for the task.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14858",
"url": "https://www.suse.com/security/cve/CVE-2019-14858"
},
{
"category": "external",
"summary": "SUSE Bug 1154231 for CVE-2019-14858",
"url": "https://bugzilla.suse.com/1154231"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2019-14858"
},
{
"cve": "CVE-2019-14864",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14864"
}
],
"notes": [
{
"category": "general",
"text": "Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14864",
"url": "https://www.suse.com/security/cve/CVE-2019-14864"
},
{
"category": "external",
"summary": "SUSE Bug 1154830 for CVE-2019-14864",
"url": "https://bugzilla.suse.com/1154830"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-14864"
},
{
"cve": "CVE-2019-14904",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14904"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the \u0027ps\u0027 bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14904",
"url": "https://www.suse.com/security/cve/CVE-2019-14904"
},
{
"category": "external",
"summary": "SUSE Bug 1157968 for CVE-2019-14904",
"url": "https://bugzilla.suse.com/1157968"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-14904"
},
{
"cve": "CVE-2019-14905",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14905"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible\u0027s nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14905",
"url": "https://www.suse.com/security/cve/CVE-2019-14905"
},
{
"category": "external",
"summary": "SUSE Bug 1157969 for CVE-2019-14905",
"url": "https://bugzilla.suse.com/1157969"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-14905"
},
{
"cve": "CVE-2019-3828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-3828"
}
],
"notes": [
{
"category": "general",
"text": "Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-3828",
"url": "https://www.suse.com/security/cve/CVE-2019-3828"
},
{
"category": "external",
"summary": "SUSE Bug 1126503 for CVE-2019-3828",
"url": "https://bugzilla.suse.com/1126503"
},
{
"category": "external",
"summary": "SUSE Bug 1164137 for CVE-2019-3828",
"url": "https://bugzilla.suse.com/1164137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-3828"
},
{
"cve": "CVE-2020-10684",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10684"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker could take advantage of this by altering the ansible_facts, such as ansible_hosts, users and any other key data which would lead into privilege escalation or code injection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10684",
"url": "https://www.suse.com/security/cve/CVE-2020-10684"
},
{
"category": "external",
"summary": "SUSE Bug 1167532 for CVE-2020-10684",
"url": "https://bugzilla.suse.com/1167532"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-10684"
},
{
"cve": "CVE-2020-10685",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10685"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the s ts unencrypted. On Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decryp emains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted ble.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10685",
"url": "https://www.suse.com/security/cve/CVE-2020-10685"
},
{
"category": "external",
"summary": "SUSE Bug 1167440 for CVE-2020-10685",
"url": "https://bugzilla.suse.com/1167440"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-10685"
},
{
"cve": "CVE-2020-10691",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10691"
}
],
"notes": [
{
"category": "general",
"text": "An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file within the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10691",
"url": "https://www.suse.com/security/cve/CVE-2020-10691"
},
{
"category": "external",
"summary": "SUSE Bug 1167873 for CVE-2020-10691",
"url": "https://bugzilla.suse.com/1167873"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-10691"
},
{
"cve": "CVE-2020-10729",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10729"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords are exposed at once for the file. This flaw affects Ansible Engine versions before 2.9.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10729",
"url": "https://www.suse.com/security/cve/CVE-2020-10729"
},
{
"category": "external",
"summary": "SUSE Bug 1171162 for CVE-2020-10729",
"url": "https://bugzilla.suse.com/1171162"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-10729"
},
{
"cve": "CVE-2020-14330",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14330"
}
],
"notes": [
{
"category": "general",
"text": "An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14330",
"url": "https://www.suse.com/security/cve/CVE-2020-14330"
},
{
"category": "external",
"summary": "SUSE Bug 1174145 for CVE-2020-14330",
"url": "https://bugzilla.suse.com/1174145"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-14330"
},
{
"cve": "CVE-2020-14332",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14332"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14332",
"url": "https://www.suse.com/security/cve/CVE-2020-14332"
},
{
"category": "external",
"summary": "SUSE Bug 1174302 for CVE-2020-14332",
"url": "https://bugzilla.suse.com/1174302"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-14332"
},
{
"cve": "CVE-2020-1733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1733"
}
],
"notes": [
{
"category": "general",
"text": "A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with \"umask 77 \u0026\u0026 mkdir -p \u003cdir\u003e\"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating \u0027/proc/\u003cpid\u003e/cmdline\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1733",
"url": "https://www.suse.com/security/cve/CVE-2020-1733"
},
{
"category": "external",
"summary": "SUSE Bug 1164140 for CVE-2020-1733",
"url": "https://bugzilla.suse.com/1164140"
},
{
"category": "external",
"summary": "SUSE Bug 1171823 for CVE-2020-1733",
"url": "https://bugzilla.suse.com/1171823"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-1733"
},
{
"cve": "CVE-2020-1734",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1734"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1734",
"url": "https://www.suse.com/security/cve/CVE-2020-1734"
},
{
"category": "external",
"summary": "SUSE Bug 1164139 for CVE-2020-1734",
"url": "https://bugzilla.suse.com/1164139"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-1734"
},
{
"cve": "CVE-2020-1735",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1735"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1735",
"url": "https://www.suse.com/security/cve/CVE-2020-1735"
},
{
"category": "external",
"summary": "SUSE Bug 1164137 for CVE-2020-1735",
"url": "https://bugzilla.suse.com/1164137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-1735"
},
{
"cve": "CVE-2020-1736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1736"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This could lead to the disclosure of sensitive data. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1736",
"url": "https://www.suse.com/security/cve/CVE-2020-1736"
},
{
"category": "external",
"summary": "SUSE Bug 1164134 for CVE-2020-1736",
"url": "https://bugzilla.suse.com/1164134"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.2,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2020-1736"
},
{
"cve": "CVE-2020-1737",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1737"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal. This issue is fixed in 2.10.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1737",
"url": "https://www.suse.com/security/cve/CVE-2020-1737"
},
{
"category": "external",
"summary": "SUSE Bug 1164138 for CVE-2020-1737",
"url": "https://bugzilla.suse.com/1164138"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-1737"
},
{
"cve": "CVE-2020-1738",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1738"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Ansible Engine when the module package or service is used and the parameter \u0027use\u0027 is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1738",
"url": "https://www.suse.com/security/cve/CVE-2020-1738"
},
{
"category": "external",
"summary": "SUSE Bug 1164136 for CVE-2020-1738",
"url": "https://bugzilla.suse.com/1164136"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-1738"
},
{
"cve": "CVE-2020-1739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1739"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument \"password\" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1739",
"url": "https://www.suse.com/security/cve/CVE-2020-1739"
},
{
"category": "external",
"summary": "SUSE Bug 1164133 for CVE-2020-1739",
"url": "https://bugzilla.suse.com/1164133"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-1739"
},
{
"cve": "CVE-2020-1740",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1740"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes \"ansible-vault edit\", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1740",
"url": "https://www.suse.com/security/cve/CVE-2020-1740"
},
{
"category": "external",
"summary": "SUSE Bug 1164135 for CVE-2020-1740",
"url": "https://bugzilla.suse.com/1164135"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2020-1740"
},
{
"cve": "CVE-2020-1744",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1744"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in keycloak before version 9.0.1. When configuring an Conditional OTP Authentication Flow as a post login flow of an IDP, the failure login events for OTP are not being sent to the brute force protection event queue. So BruteForceProtector does not handle this events.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1744",
"url": "https://www.suse.com/security/cve/CVE-2020-1744"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-1744"
},
{
"cve": "CVE-2020-1746",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1746"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1746",
"url": "https://www.suse.com/security/cve/CVE-2020-1746"
},
{
"category": "external",
"summary": "SUSE Bug 1165393 for CVE-2020-1746",
"url": "https://bugzilla.suse.com/1165393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-1746"
},
{
"cve": "CVE-2020-1753",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1753"
}
],
"notes": [
{
"category": "general",
"text": "A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. Sensitive parameters such as passwords and tokens are passed to kubectl from the command line, not using an environment variable or an input configuration file. This will disclose passwords and tokens from process list and no_log directive from debug module would not have any effect making these secrets being disclosed on stdout and log files.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1753",
"url": "https://www.suse.com/security/cve/CVE-2020-1753"
},
{
"category": "external",
"summary": "SUSE Bug 1166389 for CVE-2020-1753",
"url": "https://bugzilla.suse.com/1166389"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-1753"
},
{
"cve": "CVE-2021-20178",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-20178"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-20178",
"url": "https://www.suse.com/security/cve/CVE-2021-20178"
},
{
"category": "external",
"summary": "SUSE Bug 1180816 for CVE-2021-20178",
"url": "https://bugzilla.suse.com/1180816"
},
{
"category": "external",
"summary": "SUSE Bug 1186493 for CVE-2021-20178",
"url": "https://bugzilla.suse.com/1186493"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-20178"
},
{
"cve": "CVE-2021-20180",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-20180"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-20180",
"url": "https://www.suse.com/security/cve/CVE-2021-20180"
},
{
"category": "external",
"summary": "SUSE Bug 1180942 for CVE-2021-20180",
"url": "https://bugzilla.suse.com/1180942"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-20180"
},
{
"cve": "CVE-2021-20191",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-20191"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-20191",
"url": "https://www.suse.com/security/cve/CVE-2021-20191"
},
{
"category": "external",
"summary": "SUSE Bug 1181119 for CVE-2021-20191",
"url": "https://bugzilla.suse.com/1181119"
},
{
"category": "external",
"summary": "SUSE Bug 1181935 for CVE-2021-20191",
"url": "https://bugzilla.suse.com/1181935"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-20191"
},
{
"cve": "CVE-2021-20228",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-20228"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-20228",
"url": "https://www.suse.com/security/cve/CVE-2021-20228"
},
{
"category": "external",
"summary": "SUSE Bug 1181935 for CVE-2021-20228",
"url": "https://bugzilla.suse.com/1181935"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-20228"
},
{
"cve": "CVE-2021-3583",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3583"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Ansible, where a user\u0027s controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3583",
"url": "https://www.suse.com/security/cve/CVE-2021-3583"
},
{
"category": "external",
"summary": "SUSE Bug 1188061 for CVE-2021-3583",
"url": "https://bugzilla.suse.com/1188061"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2.x86_64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.aarch64",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.s390x",
"openSUSE Tumbleweed:ansible-test-2.9.24-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-3583"
}
]
}
OPENSUSE-SU-2024:14244-1
Vulnerability from csaf_opensuse - Published: 2024-08-08 00:00 - Updated: 2024-08-08 00:00Summary
ansible-9-9.8.0-1.1 on GA media
Notes
Title of the patch
ansible-9-9.8.0-1.1 on GA media
Description of the patch
These are all security issues fixed in the ansible-9-9.8.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-14244
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "ansible-9-9.8.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the ansible-9-9.8.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-14244",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14244-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-4966 page",
"url": "https://www.suse.com/security/cve/CVE-2014-4966/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-4967 page",
"url": "https://www.suse.com/security/cve/CVE-2014-4967/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-3908 page",
"url": "https://www.suse.com/security/cve/CVE-2015-3908/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3096 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3096/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9587 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9587/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7466 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7466/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7481 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7481/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7550 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7550/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10855 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10855/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10875 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16837 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16837/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16859 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16859/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16876 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16876/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-10156 page",
"url": "https://www.suse.com/security/cve/CVE-2019-10156/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-10206 page",
"url": "https://www.suse.com/security/cve/CVE-2019-10206/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-10217 page",
"url": "https://www.suse.com/security/cve/CVE-2019-10217/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14846 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14846/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14856 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14856/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14858 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14858/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14864 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14864/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14904 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14904/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14905 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14905/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-3828 page",
"url": "https://www.suse.com/security/cve/CVE-2019-3828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10684 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10684/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10685 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10685/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10691 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10691/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10729 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10729/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14330 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14330/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14332 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14332/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1733 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1734 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1734/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1735 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1735/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1736 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1736/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1737 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1737/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1738 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1738/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1739 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1739/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1740 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1740/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1744 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1744/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1746 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1746/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1753 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1753/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-20178 page",
"url": "https://www.suse.com/security/cve/CVE-2021-20178/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-20180 page",
"url": "https://www.suse.com/security/cve/CVE-2021-20180/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-20191 page",
"url": "https://www.suse.com/security/cve/CVE-2021-20191/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-20228 page",
"url": "https://www.suse.com/security/cve/CVE-2021-20228/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3583 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3583/"
}
],
"title": "ansible-9-9.8.0-1.1 on GA media",
"tracking": {
"current_release_date": "2024-08-08T00:00:00Z",
"generator": {
"date": "2024-08-08T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:14244-1",
"initial_release_date": "2024-08-08T00:00:00Z",
"revision_history": [
{
"date": "2024-08-08T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ansible-9-9.8.0-1.1.aarch64",
"product": {
"name": "ansible-9-9.8.0-1.1.aarch64",
"product_id": "ansible-9-9.8.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-9-9.8.0-1.1.ppc64le",
"product": {
"name": "ansible-9-9.8.0-1.1.ppc64le",
"product_id": "ansible-9-9.8.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-9-9.8.0-1.1.s390x",
"product": {
"name": "ansible-9-9.8.0-1.1.s390x",
"product_id": "ansible-9-9.8.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-9-9.8.0-1.1.x86_64",
"product": {
"name": "ansible-9-9.8.0-1.1.x86_64",
"product_id": "ansible-9-9.8.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-9-9.8.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64"
},
"product_reference": "ansible-9-9.8.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-9-9.8.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le"
},
"product_reference": "ansible-9-9.8.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-9-9.8.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x"
},
"product_reference": "ansible-9-9.8.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-9-9.8.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
},
"product_reference": "ansible-9-9.8.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-4966",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-4966"
}
],
"notes": [
{
"category": "general",
"text": "Ansible before 1.6.7 does not prevent inventory data with \"{{\" and \"lookup\" substrings, and does not prevent remote data with \"{{\" substrings, which allows remote attackers to execute arbitrary code via (1) crafted lookup(\u0027pipe\u0027) calls or (2) crafted Jinja2 data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-4966",
"url": "https://www.suse.com/security/cve/CVE-2014-4966"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2014-4966"
},
{
"cve": "CVE-2014-4967",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-4967"
}
],
"notes": [
{
"category": "general",
"text": "Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing \" src=\" clause, (2) a trailing \" temp=\" clause, or (3) a trailing \" validate=\" clause accompanied by a shell command.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-4967",
"url": "https://www.suse.com/security/cve/CVE-2014-4967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2014-4967"
},
{
"cve": "CVE-2015-3908",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-3908"
}
],
"notes": [
{
"category": "general",
"text": "Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-3908",
"url": "https://www.suse.com/security/cve/CVE-2015-3908"
},
{
"category": "external",
"summary": "SUSE Bug 938161 for CVE-2015-3908",
"url": "https://bugzilla.suse.com/938161"
},
{
"category": "external",
"summary": "SUSE Bug 938399 for CVE-2015-3908",
"url": "https://bugzilla.suse.com/938399"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-08T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2015-3908"
},
{
"cve": "CVE-2016-3096",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3096"
}
],
"notes": [
{
"category": "general",
"text": "The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3096",
"url": "https://www.suse.com/security/cve/CVE-2016-3096"
},
{
"category": "external",
"summary": "SUSE Bug 973546 for CVE-2016-3096",
"url": "https://bugzilla.suse.com/973546"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-08T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-3096"
},
{
"cve": "CVE-2016-9587",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9587"
}
],
"notes": [
{
"category": "general",
"text": "Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible\u0027s handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9587",
"url": "https://www.suse.com/security/cve/CVE-2016-9587"
},
{
"category": "external",
"summary": "SUSE Bug 1019021 for CVE-2016-9587",
"url": "https://bugzilla.suse.com/1019021"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-08T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-9587"
},
{
"cve": "CVE-2017-7466",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7466"
}
],
"notes": [
{
"category": "general",
"text": "Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7466",
"url": "https://www.suse.com/security/cve/CVE-2017-7466"
},
{
"category": "external",
"summary": "SUSE Bug 1019021 for CVE-2017-7466",
"url": "https://bugzilla.suse.com/1019021"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-08T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7466"
},
{
"cve": "CVE-2017-7481",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7481"
}
],
"notes": [
{
"category": "general",
"text": "Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as \u0027unsafe\u0027 and is not evaluated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7481",
"url": "https://www.suse.com/security/cve/CVE-2017-7481"
},
{
"category": "external",
"summary": "SUSE Bug 1038785 for CVE-2017-7481",
"url": "https://bugzilla.suse.com/1038785"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-7481"
},
{
"cve": "CVE-2017-7550",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7550"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host\u0027s logs. This flaw was fixed by not allowing passwords to be specified in the \"params\" argument, and noting this in the module documentation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7550",
"url": "https://www.suse.com/security/cve/CVE-2017-7550"
},
{
"category": "external",
"summary": "SUSE Bug 1035124 for CVE-2017-7550",
"url": "https://bugzilla.suse.com/1035124"
},
{
"category": "external",
"summary": "SUSE Bug 1065872 for CVE-2017-7550",
"url": "https://bugzilla.suse.com/1065872"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-08T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7550"
},
{
"cve": "CVE-2018-10855",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10855"
}
],
"notes": [
{
"category": "general",
"text": "Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10855",
"url": "https://www.suse.com/security/cve/CVE-2018-10855"
},
{
"category": "external",
"summary": "SUSE Bug 1097775 for CVE-2018-10855",
"url": "https://bugzilla.suse.com/1097775"
},
{
"category": "external",
"summary": "SUSE Bug 1099808 for CVE-2018-10855",
"url": "https://bugzilla.suse.com/1099808"
},
{
"category": "external",
"summary": "SUSE Bug 1109957 for CVE-2018-10855",
"url": "https://bugzilla.suse.com/1109957"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-10855"
},
{
"cve": "CVE-2018-10875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10875"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10875",
"url": "https://www.suse.com/security/cve/CVE-2018-10875"
},
{
"category": "external",
"summary": "SUSE Bug 1099808 for CVE-2018-10875",
"url": "https://bugzilla.suse.com/1099808"
},
{
"category": "external",
"summary": "SUSE Bug 1109957 for CVE-2018-10875",
"url": "https://bugzilla.suse.com/1109957"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-08T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-10875"
},
{
"cve": "CVE-2018-16837",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16837"
}
],
"notes": [
{
"category": "general",
"text": "Ansible \"User\" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those credentials in clear text form for every user which have access just to the process list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16837",
"url": "https://www.suse.com/security/cve/CVE-2018-16837"
},
{
"category": "external",
"summary": "SUSE Bug 1112959 for CVE-2018-16837",
"url": "https://bugzilla.suse.com/1112959"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-08T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-16837"
},
{
"cve": "CVE-2018-16859",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16859"
}
],
"notes": [
{
"category": "general",
"text": "Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for \u0027become\u0027 passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the plaintext password. Ansible Engine 2.8 and older are believed to be vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16859",
"url": "https://www.suse.com/security/cve/CVE-2018-16859"
},
{
"category": "external",
"summary": "SUSE Bug 1109957 for CVE-2018-16859",
"url": "https://bugzilla.suse.com/1109957"
},
{
"category": "external",
"summary": "SUSE Bug 1116587 for CVE-2018-16859",
"url": "https://bugzilla.suse.com/1116587"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16859"
},
{
"cve": "CVE-2018-16876",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16876"
}
],
"notes": [
{
"category": "general",
"text": "ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16876",
"url": "https://www.suse.com/security/cve/CVE-2018-16876"
},
{
"category": "external",
"summary": "SUSE Bug 1109957 for CVE-2018-16876",
"url": "https://bugzilla.suse.com/1109957"
},
{
"category": "external",
"summary": "SUSE Bug 1118896 for CVE-2018-16876",
"url": "https://bugzilla.suse.com/1118896"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-08T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2018-16876"
},
{
"cve": "CVE-2019-10156",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-10156"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-10156",
"url": "https://www.suse.com/security/cve/CVE-2019-10156"
},
{
"category": "external",
"summary": "SUSE Bug 1137528 for CVE-2019-10156",
"url": "https://bugzilla.suse.com/1137528"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-10156"
},
{
"cve": "CVE-2019-10206",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-10206"
}
],
"notes": [
{
"category": "general",
"text": "ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-10206",
"url": "https://www.suse.com/security/cve/CVE-2019-10206"
},
{
"category": "external",
"summary": "SUSE Bug 1142690 for CVE-2019-10206",
"url": "https://bugzilla.suse.com/1142690"
},
{
"category": "external",
"summary": "SUSE Bug 1154232 for CVE-2019-10206",
"url": "https://bugzilla.suse.com/1154232"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-10206"
},
{
"cve": "CVE-2019-10217",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-10217"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in ansible 2.8.0 before 2.8.4. Fields managing sensitive data should be set as such by no_log feature. Some of these fields in GCP modules are not set properly. service_account_contents() which is common class for all gcp modules is not setting no_log to True. Any sensitive data managed by that function would be leak as an output when running ansible playbooks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-10217",
"url": "https://www.suse.com/security/cve/CVE-2019-10217"
},
{
"category": "external",
"summary": "SUSE Bug 1144453 for CVE-2019-10217",
"url": "https://bugzilla.suse.com/1144453"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-10217"
},
{
"cve": "CVE-2019-14846",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14846"
}
],
"notes": [
{
"category": "general",
"text": "In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14846",
"url": "https://www.suse.com/security/cve/CVE-2019-14846"
},
{
"category": "external",
"summary": "SUSE Bug 1153452 for CVE-2019-14846",
"url": "https://bugzilla.suse.com/1153452"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-08T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2019-14846"
},
{
"cve": "CVE-2019-14856",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14856"
}
],
"notes": [
{
"category": "general",
"text": "ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14856",
"url": "https://www.suse.com/security/cve/CVE-2019-14856"
},
{
"category": "external",
"summary": "SUSE Bug 1154232 for CVE-2019-14856",
"url": "https://bugzilla.suse.com/1154232"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-08T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2019-14856"
},
{
"cve": "CVE-2019-14858",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14858"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name to the module will cause the task to fail before the no_log options in the sub parameters are processed. As a result, data in the sub parameter fields will not be masked and will be displayed if Ansible is run with increased verbosity and present in the module invocation arguments for the task.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14858",
"url": "https://www.suse.com/security/cve/CVE-2019-14858"
},
{
"category": "external",
"summary": "SUSE Bug 1154231 for CVE-2019-14858",
"url": "https://bugzilla.suse.com/1154231"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-08T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2019-14858"
},
{
"cve": "CVE-2019-14864",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14864"
}
],
"notes": [
{
"category": "general",
"text": "Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14864",
"url": "https://www.suse.com/security/cve/CVE-2019-14864"
},
{
"category": "external",
"summary": "SUSE Bug 1154830 for CVE-2019-14864",
"url": "https://bugzilla.suse.com/1154830"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-14864"
},
{
"cve": "CVE-2019-14904",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14904"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the \u0027ps\u0027 bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14904",
"url": "https://www.suse.com/security/cve/CVE-2019-14904"
},
{
"category": "external",
"summary": "SUSE Bug 1157968 for CVE-2019-14904",
"url": "https://bugzilla.suse.com/1157968"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-08T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-14904"
},
{
"cve": "CVE-2019-14905",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14905"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible\u0027s nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14905",
"url": "https://www.suse.com/security/cve/CVE-2019-14905"
},
{
"category": "external",
"summary": "SUSE Bug 1157969 for CVE-2019-14905",
"url": "https://bugzilla.suse.com/1157969"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-08T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-14905"
},
{
"cve": "CVE-2019-3828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-3828"
}
],
"notes": [
{
"category": "general",
"text": "Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-3828",
"url": "https://www.suse.com/security/cve/CVE-2019-3828"
},
{
"category": "external",
"summary": "SUSE Bug 1126503 for CVE-2019-3828",
"url": "https://bugzilla.suse.com/1126503"
},
{
"category": "external",
"summary": "SUSE Bug 1164137 for CVE-2019-3828",
"url": "https://bugzilla.suse.com/1164137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-3828"
},
{
"cve": "CVE-2020-10684",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10684"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker could take advantage of this by altering the ansible_facts, such as ansible_hosts, users and any other key data which would lead into privilege escalation or code injection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10684",
"url": "https://www.suse.com/security/cve/CVE-2020-10684"
},
{
"category": "external",
"summary": "SUSE Bug 1167532 for CVE-2020-10684",
"url": "https://bugzilla.suse.com/1167532"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-08T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-10684"
},
{
"cve": "CVE-2020-10685",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10685"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the s ts unencrypted. On Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decryp emains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted ble.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10685",
"url": "https://www.suse.com/security/cve/CVE-2020-10685"
},
{
"category": "external",
"summary": "SUSE Bug 1167440 for CVE-2020-10685",
"url": "https://bugzilla.suse.com/1167440"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-10685"
},
{
"cve": "CVE-2020-10691",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10691"
}
],
"notes": [
{
"category": "general",
"text": "An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file within the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10691",
"url": "https://www.suse.com/security/cve/CVE-2020-10691"
},
{
"category": "external",
"summary": "SUSE Bug 1167873 for CVE-2020-10691",
"url": "https://bugzilla.suse.com/1167873"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-10691"
},
{
"cve": "CVE-2020-10729",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10729"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords are exposed at once for the file. This flaw affects Ansible Engine versions before 2.9.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10729",
"url": "https://www.suse.com/security/cve/CVE-2020-10729"
},
{
"category": "external",
"summary": "SUSE Bug 1171162 for CVE-2020-10729",
"url": "https://bugzilla.suse.com/1171162"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-10729"
},
{
"cve": "CVE-2020-14330",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14330"
}
],
"notes": [
{
"category": "general",
"text": "An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14330",
"url": "https://www.suse.com/security/cve/CVE-2020-14330"
},
{
"category": "external",
"summary": "SUSE Bug 1174145 for CVE-2020-14330",
"url": "https://bugzilla.suse.com/1174145"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-14330"
},
{
"cve": "CVE-2020-14332",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14332"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14332",
"url": "https://www.suse.com/security/cve/CVE-2020-14332"
},
{
"category": "external",
"summary": "SUSE Bug 1174302 for CVE-2020-14332",
"url": "https://bugzilla.suse.com/1174302"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-14332"
},
{
"cve": "CVE-2020-1733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1733"
}
],
"notes": [
{
"category": "general",
"text": "A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with \"umask 77 \u0026\u0026 mkdir -p \u003cdir\u003e\"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating \u0027/proc/\u003cpid\u003e/cmdline\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1733",
"url": "https://www.suse.com/security/cve/CVE-2020-1733"
},
{
"category": "external",
"summary": "SUSE Bug 1164140 for CVE-2020-1733",
"url": "https://bugzilla.suse.com/1164140"
},
{
"category": "external",
"summary": "SUSE Bug 1171823 for CVE-2020-1733",
"url": "https://bugzilla.suse.com/1171823"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-1733"
},
{
"cve": "CVE-2020-1734",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1734"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1734",
"url": "https://www.suse.com/security/cve/CVE-2020-1734"
},
{
"category": "external",
"summary": "SUSE Bug 1164139 for CVE-2020-1734",
"url": "https://bugzilla.suse.com/1164139"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-08T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-1734"
},
{
"cve": "CVE-2020-1735",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1735"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1735",
"url": "https://www.suse.com/security/cve/CVE-2020-1735"
},
{
"category": "external",
"summary": "SUSE Bug 1164137 for CVE-2020-1735",
"url": "https://bugzilla.suse.com/1164137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-1735"
},
{
"cve": "CVE-2020-1736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1736"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This could lead to the disclosure of sensitive data. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1736",
"url": "https://www.suse.com/security/cve/CVE-2020-1736"
},
{
"category": "external",
"summary": "SUSE Bug 1164134 for CVE-2020-1736",
"url": "https://bugzilla.suse.com/1164134"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.2,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-08T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2020-1736"
},
{
"cve": "CVE-2020-1737",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1737"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal. This issue is fixed in 2.10.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1737",
"url": "https://www.suse.com/security/cve/CVE-2020-1737"
},
{
"category": "external",
"summary": "SUSE Bug 1164138 for CVE-2020-1737",
"url": "https://bugzilla.suse.com/1164138"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-08T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-1737"
},
{
"cve": "CVE-2020-1738",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1738"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Ansible Engine when the module package or service is used and the parameter \u0027use\u0027 is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1738",
"url": "https://www.suse.com/security/cve/CVE-2020-1738"
},
{
"category": "external",
"summary": "SUSE Bug 1164136 for CVE-2020-1738",
"url": "https://bugzilla.suse.com/1164136"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-1738"
},
{
"cve": "CVE-2020-1739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1739"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument \"password\" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1739",
"url": "https://www.suse.com/security/cve/CVE-2020-1739"
},
{
"category": "external",
"summary": "SUSE Bug 1164133 for CVE-2020-1739",
"url": "https://bugzilla.suse.com/1164133"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-1739"
},
{
"cve": "CVE-2020-1740",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1740"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes \"ansible-vault edit\", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1740",
"url": "https://www.suse.com/security/cve/CVE-2020-1740"
},
{
"category": "external",
"summary": "SUSE Bug 1164135 for CVE-2020-1740",
"url": "https://bugzilla.suse.com/1164135"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-08T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2020-1740"
},
{
"cve": "CVE-2020-1744",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1744"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in keycloak before version 9.0.1. When configuring an Conditional OTP Authentication Flow as a post login flow of an IDP, the failure login events for OTP are not being sent to the brute force protection event queue. So BruteForceProtector does not handle this events.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1744",
"url": "https://www.suse.com/security/cve/CVE-2020-1744"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-1744"
},
{
"cve": "CVE-2020-1746",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1746"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1746",
"url": "https://www.suse.com/security/cve/CVE-2020-1746"
},
{
"category": "external",
"summary": "SUSE Bug 1165393 for CVE-2020-1746",
"url": "https://bugzilla.suse.com/1165393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-1746"
},
{
"cve": "CVE-2020-1753",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1753"
}
],
"notes": [
{
"category": "general",
"text": "A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. Sensitive parameters such as passwords and tokens are passed to kubectl from the command line, not using an environment variable or an input configuration file. This will disclose passwords and tokens from process list and no_log directive from debug module would not have any effect making these secrets being disclosed on stdout and log files.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1753",
"url": "https://www.suse.com/security/cve/CVE-2020-1753"
},
{
"category": "external",
"summary": "SUSE Bug 1166389 for CVE-2020-1753",
"url": "https://bugzilla.suse.com/1166389"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-1753"
},
{
"cve": "CVE-2021-20178",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-20178"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-20178",
"url": "https://www.suse.com/security/cve/CVE-2021-20178"
},
{
"category": "external",
"summary": "SUSE Bug 1180816 for CVE-2021-20178",
"url": "https://bugzilla.suse.com/1180816"
},
{
"category": "external",
"summary": "SUSE Bug 1186493 for CVE-2021-20178",
"url": "https://bugzilla.suse.com/1186493"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-20178"
},
{
"cve": "CVE-2021-20180",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-20180"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-20180",
"url": "https://www.suse.com/security/cve/CVE-2021-20180"
},
{
"category": "external",
"summary": "SUSE Bug 1180942 for CVE-2021-20180",
"url": "https://bugzilla.suse.com/1180942"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-20180"
},
{
"cve": "CVE-2021-20191",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-20191"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-20191",
"url": "https://www.suse.com/security/cve/CVE-2021-20191"
},
{
"category": "external",
"summary": "SUSE Bug 1181119 for CVE-2021-20191",
"url": "https://bugzilla.suse.com/1181119"
},
{
"category": "external",
"summary": "SUSE Bug 1181935 for CVE-2021-20191",
"url": "https://bugzilla.suse.com/1181935"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-20191"
},
{
"cve": "CVE-2021-20228",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-20228"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-20228",
"url": "https://www.suse.com/security/cve/CVE-2021-20228"
},
{
"category": "external",
"summary": "SUSE Bug 1181935 for CVE-2021-20228",
"url": "https://bugzilla.suse.com/1181935"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-20228"
},
{
"cve": "CVE-2021-3583",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3583"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Ansible, where a user\u0027s controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3583",
"url": "https://www.suse.com/security/cve/CVE-2021-3583"
},
{
"category": "external",
"summary": "SUSE Bug 1188061 for CVE-2021-3583",
"url": "https://bugzilla.suse.com/1188061"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-9-9.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-3583"
}
]
}
OPENSUSE-SU-2024:14536-1
Vulnerability from csaf_opensuse - Published: 2024-12-02 00:00 - Updated: 2024-12-02 00:00Summary
ansible-10-10.6.0-1.1 on GA media
Notes
Title of the patch
ansible-10-10.6.0-1.1 on GA media
Description of the patch
These are all security issues fixed in the ansible-10-10.6.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-14536
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "ansible-10-10.6.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the ansible-10-10.6.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-14536",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14536-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2024:14536-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7LWEIR2LXW4QRWCY6HDMLUO2OTX5OZIC/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2024:14536-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7LWEIR2LXW4QRWCY6HDMLUO2OTX5OZIC/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-4966 page",
"url": "https://www.suse.com/security/cve/CVE-2014-4966/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-4967 page",
"url": "https://www.suse.com/security/cve/CVE-2014-4967/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-3908 page",
"url": "https://www.suse.com/security/cve/CVE-2015-3908/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3096 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3096/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9587 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9587/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7466 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7466/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7481 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7481/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7550 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7550/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10855 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10855/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10875 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16837 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16837/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16859 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16859/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16876 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16876/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-10156 page",
"url": "https://www.suse.com/security/cve/CVE-2019-10156/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-10206 page",
"url": "https://www.suse.com/security/cve/CVE-2019-10206/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-10217 page",
"url": "https://www.suse.com/security/cve/CVE-2019-10217/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14846 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14846/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14856 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14856/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14858 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14858/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14864 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14864/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14904 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14904/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14905 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14905/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-3828 page",
"url": "https://www.suse.com/security/cve/CVE-2019-3828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10684 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10684/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10685 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10685/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10691 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10691/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10729 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10729/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14330 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14330/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14332 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14332/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1733 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1734 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1734/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1735 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1735/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1736 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1736/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1737 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1737/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1738 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1738/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1739 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1739/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1740 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1740/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1744 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1744/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1746 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1746/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1753 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1753/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-20178 page",
"url": "https://www.suse.com/security/cve/CVE-2021-20178/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-20180 page",
"url": "https://www.suse.com/security/cve/CVE-2021-20180/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-20191 page",
"url": "https://www.suse.com/security/cve/CVE-2021-20191/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-20228 page",
"url": "https://www.suse.com/security/cve/CVE-2021-20228/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3583 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3583/"
}
],
"title": "ansible-10-10.6.0-1.1 on GA media",
"tracking": {
"current_release_date": "2024-12-02T00:00:00Z",
"generator": {
"date": "2024-12-02T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:14536-1",
"initial_release_date": "2024-12-02T00:00:00Z",
"revision_history": [
{
"date": "2024-12-02T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ansible-10-10.6.0-1.1.aarch64",
"product": {
"name": "ansible-10-10.6.0-1.1.aarch64",
"product_id": "ansible-10-10.6.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-10-10.6.0-1.1.ppc64le",
"product": {
"name": "ansible-10-10.6.0-1.1.ppc64le",
"product_id": "ansible-10-10.6.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-10-10.6.0-1.1.s390x",
"product": {
"name": "ansible-10-10.6.0-1.1.s390x",
"product_id": "ansible-10-10.6.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-10-10.6.0-1.1.x86_64",
"product": {
"name": "ansible-10-10.6.0-1.1.x86_64",
"product_id": "ansible-10-10.6.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-10-10.6.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64"
},
"product_reference": "ansible-10-10.6.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-10-10.6.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le"
},
"product_reference": "ansible-10-10.6.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-10-10.6.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x"
},
"product_reference": "ansible-10-10.6.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-10-10.6.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
},
"product_reference": "ansible-10-10.6.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-4966",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-4966"
}
],
"notes": [
{
"category": "general",
"text": "Ansible before 1.6.7 does not prevent inventory data with \"{{\" and \"lookup\" substrings, and does not prevent remote data with \"{{\" substrings, which allows remote attackers to execute arbitrary code via (1) crafted lookup(\u0027pipe\u0027) calls or (2) crafted Jinja2 data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-4966",
"url": "https://www.suse.com/security/cve/CVE-2014-4966"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-02T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2014-4966"
},
{
"cve": "CVE-2014-4967",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-4967"
}
],
"notes": [
{
"category": "general",
"text": "Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing \" src=\" clause, (2) a trailing \" temp=\" clause, or (3) a trailing \" validate=\" clause accompanied by a shell command.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-4967",
"url": "https://www.suse.com/security/cve/CVE-2014-4967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-02T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2014-4967"
},
{
"cve": "CVE-2015-3908",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-3908"
}
],
"notes": [
{
"category": "general",
"text": "Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-3908",
"url": "https://www.suse.com/security/cve/CVE-2015-3908"
},
{
"category": "external",
"summary": "SUSE Bug 938161 for CVE-2015-3908",
"url": "https://bugzilla.suse.com/938161"
},
{
"category": "external",
"summary": "SUSE Bug 938399 for CVE-2015-3908",
"url": "https://bugzilla.suse.com/938399"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-02T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2015-3908"
},
{
"cve": "CVE-2016-3096",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3096"
}
],
"notes": [
{
"category": "general",
"text": "The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3096",
"url": "https://www.suse.com/security/cve/CVE-2016-3096"
},
{
"category": "external",
"summary": "SUSE Bug 973546 for CVE-2016-3096",
"url": "https://bugzilla.suse.com/973546"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-02T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-3096"
},
{
"cve": "CVE-2016-9587",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9587"
}
],
"notes": [
{
"category": "general",
"text": "Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible\u0027s handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9587",
"url": "https://www.suse.com/security/cve/CVE-2016-9587"
},
{
"category": "external",
"summary": "SUSE Bug 1019021 for CVE-2016-9587",
"url": "https://bugzilla.suse.com/1019021"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-02T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-9587"
},
{
"cve": "CVE-2017-7466",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7466"
}
],
"notes": [
{
"category": "general",
"text": "Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7466",
"url": "https://www.suse.com/security/cve/CVE-2017-7466"
},
{
"category": "external",
"summary": "SUSE Bug 1019021 for CVE-2017-7466",
"url": "https://bugzilla.suse.com/1019021"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-02T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7466"
},
{
"cve": "CVE-2017-7481",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7481"
}
],
"notes": [
{
"category": "general",
"text": "Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as \u0027unsafe\u0027 and is not evaluated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7481",
"url": "https://www.suse.com/security/cve/CVE-2017-7481"
},
{
"category": "external",
"summary": "SUSE Bug 1038785 for CVE-2017-7481",
"url": "https://bugzilla.suse.com/1038785"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-02T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-7481"
},
{
"cve": "CVE-2017-7550",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7550"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host\u0027s logs. This flaw was fixed by not allowing passwords to be specified in the \"params\" argument, and noting this in the module documentation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7550",
"url": "https://www.suse.com/security/cve/CVE-2017-7550"
},
{
"category": "external",
"summary": "SUSE Bug 1035124 for CVE-2017-7550",
"url": "https://bugzilla.suse.com/1035124"
},
{
"category": "external",
"summary": "SUSE Bug 1065872 for CVE-2017-7550",
"url": "https://bugzilla.suse.com/1065872"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-02T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7550"
},
{
"cve": "CVE-2018-10855",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10855"
}
],
"notes": [
{
"category": "general",
"text": "Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10855",
"url": "https://www.suse.com/security/cve/CVE-2018-10855"
},
{
"category": "external",
"summary": "SUSE Bug 1097775 for CVE-2018-10855",
"url": "https://bugzilla.suse.com/1097775"
},
{
"category": "external",
"summary": "SUSE Bug 1099808 for CVE-2018-10855",
"url": "https://bugzilla.suse.com/1099808"
},
{
"category": "external",
"summary": "SUSE Bug 1109957 for CVE-2018-10855",
"url": "https://bugzilla.suse.com/1109957"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-02T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-10855"
},
{
"cve": "CVE-2018-10875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10875"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10875",
"url": "https://www.suse.com/security/cve/CVE-2018-10875"
},
{
"category": "external",
"summary": "SUSE Bug 1099808 for CVE-2018-10875",
"url": "https://bugzilla.suse.com/1099808"
},
{
"category": "external",
"summary": "SUSE Bug 1109957 for CVE-2018-10875",
"url": "https://bugzilla.suse.com/1109957"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-02T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-10875"
},
{
"cve": "CVE-2018-16837",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16837"
}
],
"notes": [
{
"category": "general",
"text": "Ansible \"User\" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those credentials in clear text form for every user which have access just to the process list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16837",
"url": "https://www.suse.com/security/cve/CVE-2018-16837"
},
{
"category": "external",
"summary": "SUSE Bug 1112959 for CVE-2018-16837",
"url": "https://bugzilla.suse.com/1112959"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-02T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-16837"
},
{
"cve": "CVE-2018-16859",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16859"
}
],
"notes": [
{
"category": "general",
"text": "Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for \u0027become\u0027 passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the plaintext password. Ansible Engine 2.8 and older are believed to be vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16859",
"url": "https://www.suse.com/security/cve/CVE-2018-16859"
},
{
"category": "external",
"summary": "SUSE Bug 1109957 for CVE-2018-16859",
"url": "https://bugzilla.suse.com/1109957"
},
{
"category": "external",
"summary": "SUSE Bug 1116587 for CVE-2018-16859",
"url": "https://bugzilla.suse.com/1116587"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-02T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16859"
},
{
"cve": "CVE-2018-16876",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16876"
}
],
"notes": [
{
"category": "general",
"text": "ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16876",
"url": "https://www.suse.com/security/cve/CVE-2018-16876"
},
{
"category": "external",
"summary": "SUSE Bug 1109957 for CVE-2018-16876",
"url": "https://bugzilla.suse.com/1109957"
},
{
"category": "external",
"summary": "SUSE Bug 1118896 for CVE-2018-16876",
"url": "https://bugzilla.suse.com/1118896"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-02T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2018-16876"
},
{
"cve": "CVE-2019-10156",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-10156"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-10156",
"url": "https://www.suse.com/security/cve/CVE-2019-10156"
},
{
"category": "external",
"summary": "SUSE Bug 1137528 for CVE-2019-10156",
"url": "https://bugzilla.suse.com/1137528"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-02T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-10156"
},
{
"cve": "CVE-2019-10206",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-10206"
}
],
"notes": [
{
"category": "general",
"text": "ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-10206",
"url": "https://www.suse.com/security/cve/CVE-2019-10206"
},
{
"category": "external",
"summary": "SUSE Bug 1142690 for CVE-2019-10206",
"url": "https://bugzilla.suse.com/1142690"
},
{
"category": "external",
"summary": "SUSE Bug 1154232 for CVE-2019-10206",
"url": "https://bugzilla.suse.com/1154232"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-02T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-10206"
},
{
"cve": "CVE-2019-10217",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-10217"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in ansible 2.8.0 before 2.8.4. Fields managing sensitive data should be set as such by no_log feature. Some of these fields in GCP modules are not set properly. service_account_contents() which is common class for all gcp modules is not setting no_log to True. Any sensitive data managed by that function would be leak as an output when running ansible playbooks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-10217",
"url": "https://www.suse.com/security/cve/CVE-2019-10217"
},
{
"category": "external",
"summary": "SUSE Bug 1144453 for CVE-2019-10217",
"url": "https://bugzilla.suse.com/1144453"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-02T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-10217"
},
{
"cve": "CVE-2019-14846",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14846"
}
],
"notes": [
{
"category": "general",
"text": "In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14846",
"url": "https://www.suse.com/security/cve/CVE-2019-14846"
},
{
"category": "external",
"summary": "SUSE Bug 1153452 for CVE-2019-14846",
"url": "https://bugzilla.suse.com/1153452"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-02T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2019-14846"
},
{
"cve": "CVE-2019-14856",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14856"
}
],
"notes": [
{
"category": "general",
"text": "ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14856",
"url": "https://www.suse.com/security/cve/CVE-2019-14856"
},
{
"category": "external",
"summary": "SUSE Bug 1154232 for CVE-2019-14856",
"url": "https://bugzilla.suse.com/1154232"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-02T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2019-14856"
},
{
"cve": "CVE-2019-14858",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14858"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name to the module will cause the task to fail before the no_log options in the sub parameters are processed. As a result, data in the sub parameter fields will not be masked and will be displayed if Ansible is run with increased verbosity and present in the module invocation arguments for the task.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14858",
"url": "https://www.suse.com/security/cve/CVE-2019-14858"
},
{
"category": "external",
"summary": "SUSE Bug 1154231 for CVE-2019-14858",
"url": "https://bugzilla.suse.com/1154231"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-02T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2019-14858"
},
{
"cve": "CVE-2019-14864",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14864"
}
],
"notes": [
{
"category": "general",
"text": "Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14864",
"url": "https://www.suse.com/security/cve/CVE-2019-14864"
},
{
"category": "external",
"summary": "SUSE Bug 1154830 for CVE-2019-14864",
"url": "https://bugzilla.suse.com/1154830"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-02T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-14864"
},
{
"cve": "CVE-2019-14904",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14904"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the \u0027ps\u0027 bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14904",
"url": "https://www.suse.com/security/cve/CVE-2019-14904"
},
{
"category": "external",
"summary": "SUSE Bug 1157968 for CVE-2019-14904",
"url": "https://bugzilla.suse.com/1157968"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-02T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-14904"
},
{
"cve": "CVE-2019-14905",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14905"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible\u0027s nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14905",
"url": "https://www.suse.com/security/cve/CVE-2019-14905"
},
{
"category": "external",
"summary": "SUSE Bug 1157969 for CVE-2019-14905",
"url": "https://bugzilla.suse.com/1157969"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-02T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-14905"
},
{
"cve": "CVE-2019-3828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-3828"
}
],
"notes": [
{
"category": "general",
"text": "Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-3828",
"url": "https://www.suse.com/security/cve/CVE-2019-3828"
},
{
"category": "external",
"summary": "SUSE Bug 1126503 for CVE-2019-3828",
"url": "https://bugzilla.suse.com/1126503"
},
{
"category": "external",
"summary": "SUSE Bug 1164137 for CVE-2019-3828",
"url": "https://bugzilla.suse.com/1164137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-02T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-3828"
},
{
"cve": "CVE-2020-10684",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10684"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker could take advantage of this by altering the ansible_facts, such as ansible_hosts, users and any other key data which would lead into privilege escalation or code injection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10684",
"url": "https://www.suse.com/security/cve/CVE-2020-10684"
},
{
"category": "external",
"summary": "SUSE Bug 1167532 for CVE-2020-10684",
"url": "https://bugzilla.suse.com/1167532"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-02T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-10684"
},
{
"cve": "CVE-2020-10685",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10685"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the s ts unencrypted. On Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decryp emains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted ble.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10685",
"url": "https://www.suse.com/security/cve/CVE-2020-10685"
},
{
"category": "external",
"summary": "SUSE Bug 1167440 for CVE-2020-10685",
"url": "https://bugzilla.suse.com/1167440"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-02T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-10685"
},
{
"cve": "CVE-2020-10691",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10691"
}
],
"notes": [
{
"category": "general",
"text": "An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file within the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10691",
"url": "https://www.suse.com/security/cve/CVE-2020-10691"
},
{
"category": "external",
"summary": "SUSE Bug 1167873 for CVE-2020-10691",
"url": "https://bugzilla.suse.com/1167873"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-02T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-10691"
},
{
"cve": "CVE-2020-10729",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10729"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords are exposed at once for the file. This flaw affects Ansible Engine versions before 2.9.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10729",
"url": "https://www.suse.com/security/cve/CVE-2020-10729"
},
{
"category": "external",
"summary": "SUSE Bug 1171162 for CVE-2020-10729",
"url": "https://bugzilla.suse.com/1171162"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-02T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-10729"
},
{
"cve": "CVE-2020-14330",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14330"
}
],
"notes": [
{
"category": "general",
"text": "An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14330",
"url": "https://www.suse.com/security/cve/CVE-2020-14330"
},
{
"category": "external",
"summary": "SUSE Bug 1174145 for CVE-2020-14330",
"url": "https://bugzilla.suse.com/1174145"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-02T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-14330"
},
{
"cve": "CVE-2020-14332",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14332"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14332",
"url": "https://www.suse.com/security/cve/CVE-2020-14332"
},
{
"category": "external",
"summary": "SUSE Bug 1174302 for CVE-2020-14332",
"url": "https://bugzilla.suse.com/1174302"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-02T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-14332"
},
{
"cve": "CVE-2020-1733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1733"
}
],
"notes": [
{
"category": "general",
"text": "A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with \"umask 77 \u0026\u0026 mkdir -p \u003cdir\u003e\"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating \u0027/proc/\u003cpid\u003e/cmdline\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1733",
"url": "https://www.suse.com/security/cve/CVE-2020-1733"
},
{
"category": "external",
"summary": "SUSE Bug 1164140 for CVE-2020-1733",
"url": "https://bugzilla.suse.com/1164140"
},
{
"category": "external",
"summary": "SUSE Bug 1171823 for CVE-2020-1733",
"url": "https://bugzilla.suse.com/1171823"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-02T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-1733"
},
{
"cve": "CVE-2020-1734",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1734"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1734",
"url": "https://www.suse.com/security/cve/CVE-2020-1734"
},
{
"category": "external",
"summary": "SUSE Bug 1164139 for CVE-2020-1734",
"url": "https://bugzilla.suse.com/1164139"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-02T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-1734"
},
{
"cve": "CVE-2020-1735",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1735"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1735",
"url": "https://www.suse.com/security/cve/CVE-2020-1735"
},
{
"category": "external",
"summary": "SUSE Bug 1164137 for CVE-2020-1735",
"url": "https://bugzilla.suse.com/1164137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-02T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-1735"
},
{
"cve": "CVE-2020-1736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1736"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This could lead to the disclosure of sensitive data. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1736",
"url": "https://www.suse.com/security/cve/CVE-2020-1736"
},
{
"category": "external",
"summary": "SUSE Bug 1164134 for CVE-2020-1736",
"url": "https://bugzilla.suse.com/1164134"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.2,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-02T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2020-1736"
},
{
"cve": "CVE-2020-1737",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1737"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal. This issue is fixed in 2.10.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1737",
"url": "https://www.suse.com/security/cve/CVE-2020-1737"
},
{
"category": "external",
"summary": "SUSE Bug 1164138 for CVE-2020-1737",
"url": "https://bugzilla.suse.com/1164138"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-02T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-1737"
},
{
"cve": "CVE-2020-1738",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1738"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Ansible Engine when the module package or service is used and the parameter \u0027use\u0027 is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1738",
"url": "https://www.suse.com/security/cve/CVE-2020-1738"
},
{
"category": "external",
"summary": "SUSE Bug 1164136 for CVE-2020-1738",
"url": "https://bugzilla.suse.com/1164136"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-02T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-1738"
},
{
"cve": "CVE-2020-1739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1739"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument \"password\" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1739",
"url": "https://www.suse.com/security/cve/CVE-2020-1739"
},
{
"category": "external",
"summary": "SUSE Bug 1164133 for CVE-2020-1739",
"url": "https://bugzilla.suse.com/1164133"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-02T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-1739"
},
{
"cve": "CVE-2020-1740",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1740"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes \"ansible-vault edit\", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1740",
"url": "https://www.suse.com/security/cve/CVE-2020-1740"
},
{
"category": "external",
"summary": "SUSE Bug 1164135 for CVE-2020-1740",
"url": "https://bugzilla.suse.com/1164135"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-02T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2020-1740"
},
{
"cve": "CVE-2020-1744",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1744"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in keycloak before version 9.0.1. When configuring an Conditional OTP Authentication Flow as a post login flow of an IDP, the failure login events for OTP are not being sent to the brute force protection event queue. So BruteForceProtector does not handle this events.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1744",
"url": "https://www.suse.com/security/cve/CVE-2020-1744"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-02T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-1744"
},
{
"cve": "CVE-2020-1746",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1746"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1746",
"url": "https://www.suse.com/security/cve/CVE-2020-1746"
},
{
"category": "external",
"summary": "SUSE Bug 1165393 for CVE-2020-1746",
"url": "https://bugzilla.suse.com/1165393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-02T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-1746"
},
{
"cve": "CVE-2020-1753",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1753"
}
],
"notes": [
{
"category": "general",
"text": "A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. Sensitive parameters such as passwords and tokens are passed to kubectl from the command line, not using an environment variable or an input configuration file. This will disclose passwords and tokens from process list and no_log directive from debug module would not have any effect making these secrets being disclosed on stdout and log files.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1753",
"url": "https://www.suse.com/security/cve/CVE-2020-1753"
},
{
"category": "external",
"summary": "SUSE Bug 1166389 for CVE-2020-1753",
"url": "https://bugzilla.suse.com/1166389"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-02T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-1753"
},
{
"cve": "CVE-2021-20178",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-20178"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-20178",
"url": "https://www.suse.com/security/cve/CVE-2021-20178"
},
{
"category": "external",
"summary": "SUSE Bug 1180816 for CVE-2021-20178",
"url": "https://bugzilla.suse.com/1180816"
},
{
"category": "external",
"summary": "SUSE Bug 1186493 for CVE-2021-20178",
"url": "https://bugzilla.suse.com/1186493"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-02T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-20178"
},
{
"cve": "CVE-2021-20180",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-20180"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-20180",
"url": "https://www.suse.com/security/cve/CVE-2021-20180"
},
{
"category": "external",
"summary": "SUSE Bug 1180942 for CVE-2021-20180",
"url": "https://bugzilla.suse.com/1180942"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-02T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-20180"
},
{
"cve": "CVE-2021-20191",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-20191"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-20191",
"url": "https://www.suse.com/security/cve/CVE-2021-20191"
},
{
"category": "external",
"summary": "SUSE Bug 1181119 for CVE-2021-20191",
"url": "https://bugzilla.suse.com/1181119"
},
{
"category": "external",
"summary": "SUSE Bug 1181935 for CVE-2021-20191",
"url": "https://bugzilla.suse.com/1181935"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-02T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-20191"
},
{
"cve": "CVE-2021-20228",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-20228"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-20228",
"url": "https://www.suse.com/security/cve/CVE-2021-20228"
},
{
"category": "external",
"summary": "SUSE Bug 1181935 for CVE-2021-20228",
"url": "https://bugzilla.suse.com/1181935"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-02T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-20228"
},
{
"cve": "CVE-2021-3583",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3583"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Ansible, where a user\u0027s controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3583",
"url": "https://www.suse.com/security/cve/CVE-2021-3583"
},
{
"category": "external",
"summary": "SUSE Bug 1188061 for CVE-2021-3583",
"url": "https://bugzilla.suse.com/1188061"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-10-10.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-02T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-3583"
}
]
}
OPENSUSE-SU-2025:15753-1
Vulnerability from csaf_opensuse - Published: 2025-11-21 00:00 - Updated: 2025-11-21 00:00Summary
ansible-12-12.2.0-1.1 on GA media
Notes
Title of the patch
ansible-12-12.2.0-1.1 on GA media
Description of the patch
These are all security issues fixed in the ansible-12-12.2.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-15753
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "ansible-12-12.2.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the ansible-12-12.2.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15753",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15753-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-4966 page",
"url": "https://www.suse.com/security/cve/CVE-2014-4966/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-4967 page",
"url": "https://www.suse.com/security/cve/CVE-2014-4967/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-3908 page",
"url": "https://www.suse.com/security/cve/CVE-2015-3908/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3096 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3096/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9587 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9587/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7466 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7466/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7481 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7481/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7550 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7550/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10855 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10855/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10875 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16837 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16837/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16859 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16859/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16876 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16876/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-10156 page",
"url": "https://www.suse.com/security/cve/CVE-2019-10156/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-10206 page",
"url": "https://www.suse.com/security/cve/CVE-2019-10206/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-10217 page",
"url": "https://www.suse.com/security/cve/CVE-2019-10217/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14846 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14846/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14856 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14856/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14858 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14858/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14864 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14864/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14904 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14904/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14905 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14905/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-3828 page",
"url": "https://www.suse.com/security/cve/CVE-2019-3828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10684 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10684/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10685 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10685/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10691 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10691/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10729 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10729/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14330 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14330/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14332 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14332/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1733 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1734 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1734/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1735 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1735/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1736 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1736/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1737 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1737/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1738 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1738/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1739 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1739/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1740 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1740/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1744 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1744/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1746 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1746/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1753 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1753/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-20178 page",
"url": "https://www.suse.com/security/cve/CVE-2021-20178/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-20180 page",
"url": "https://www.suse.com/security/cve/CVE-2021-20180/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-20191 page",
"url": "https://www.suse.com/security/cve/CVE-2021-20191/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-20228 page",
"url": "https://www.suse.com/security/cve/CVE-2021-20228/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3583 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3583/"
}
],
"title": "ansible-12-12.2.0-1.1 on GA media",
"tracking": {
"current_release_date": "2025-11-21T00:00:00Z",
"generator": {
"date": "2025-11-21T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15753-1",
"initial_release_date": "2025-11-21T00:00:00Z",
"revision_history": [
{
"date": "2025-11-21T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ansible-12-12.2.0-1.1.aarch64",
"product": {
"name": "ansible-12-12.2.0-1.1.aarch64",
"product_id": "ansible-12-12.2.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-12-12.2.0-1.1.ppc64le",
"product": {
"name": "ansible-12-12.2.0-1.1.ppc64le",
"product_id": "ansible-12-12.2.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-12-12.2.0-1.1.s390x",
"product": {
"name": "ansible-12-12.2.0-1.1.s390x",
"product_id": "ansible-12-12.2.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-12-12.2.0-1.1.x86_64",
"product": {
"name": "ansible-12-12.2.0-1.1.x86_64",
"product_id": "ansible-12-12.2.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-12-12.2.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64"
},
"product_reference": "ansible-12-12.2.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-12-12.2.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le"
},
"product_reference": "ansible-12-12.2.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-12-12.2.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x"
},
"product_reference": "ansible-12-12.2.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-12-12.2.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
},
"product_reference": "ansible-12-12.2.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-4966",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-4966"
}
],
"notes": [
{
"category": "general",
"text": "Ansible before 1.6.7 does not prevent inventory data with \"{{\" and \"lookup\" substrings, and does not prevent remote data with \"{{\" substrings, which allows remote attackers to execute arbitrary code via (1) crafted lookup(\u0027pipe\u0027) calls or (2) crafted Jinja2 data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-4966",
"url": "https://www.suse.com/security/cve/CVE-2014-4966"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2014-4966"
},
{
"cve": "CVE-2014-4967",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-4967"
}
],
"notes": [
{
"category": "general",
"text": "Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing \" src=\" clause, (2) a trailing \" temp=\" clause, or (3) a trailing \" validate=\" clause accompanied by a shell command.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-4967",
"url": "https://www.suse.com/security/cve/CVE-2014-4967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2014-4967"
},
{
"cve": "CVE-2015-3908",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-3908"
}
],
"notes": [
{
"category": "general",
"text": "Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-3908",
"url": "https://www.suse.com/security/cve/CVE-2015-3908"
},
{
"category": "external",
"summary": "SUSE Bug 938161 for CVE-2015-3908",
"url": "https://bugzilla.suse.com/938161"
},
{
"category": "external",
"summary": "SUSE Bug 938399 for CVE-2015-3908",
"url": "https://bugzilla.suse.com/938399"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2015-3908"
},
{
"cve": "CVE-2016-3096",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3096"
}
],
"notes": [
{
"category": "general",
"text": "The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3096",
"url": "https://www.suse.com/security/cve/CVE-2016-3096"
},
{
"category": "external",
"summary": "SUSE Bug 973546 for CVE-2016-3096",
"url": "https://bugzilla.suse.com/973546"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-3096"
},
{
"cve": "CVE-2016-9587",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9587"
}
],
"notes": [
{
"category": "general",
"text": "Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible\u0027s handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9587",
"url": "https://www.suse.com/security/cve/CVE-2016-9587"
},
{
"category": "external",
"summary": "SUSE Bug 1019021 for CVE-2016-9587",
"url": "https://bugzilla.suse.com/1019021"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-9587"
},
{
"cve": "CVE-2017-7466",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7466"
}
],
"notes": [
{
"category": "general",
"text": "Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7466",
"url": "https://www.suse.com/security/cve/CVE-2017-7466"
},
{
"category": "external",
"summary": "SUSE Bug 1019021 for CVE-2017-7466",
"url": "https://bugzilla.suse.com/1019021"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7466"
},
{
"cve": "CVE-2017-7481",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7481"
}
],
"notes": [
{
"category": "general",
"text": "Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as \u0027unsafe\u0027 and is not evaluated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7481",
"url": "https://www.suse.com/security/cve/CVE-2017-7481"
},
{
"category": "external",
"summary": "SUSE Bug 1038785 for CVE-2017-7481",
"url": "https://bugzilla.suse.com/1038785"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-7481"
},
{
"cve": "CVE-2017-7550",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7550"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host\u0027s logs. This flaw was fixed by not allowing passwords to be specified in the \"params\" argument, and noting this in the module documentation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7550",
"url": "https://www.suse.com/security/cve/CVE-2017-7550"
},
{
"category": "external",
"summary": "SUSE Bug 1035124 for CVE-2017-7550",
"url": "https://bugzilla.suse.com/1035124"
},
{
"category": "external",
"summary": "SUSE Bug 1065872 for CVE-2017-7550",
"url": "https://bugzilla.suse.com/1065872"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7550"
},
{
"cve": "CVE-2018-10855",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10855"
}
],
"notes": [
{
"category": "general",
"text": "Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10855",
"url": "https://www.suse.com/security/cve/CVE-2018-10855"
},
{
"category": "external",
"summary": "SUSE Bug 1097775 for CVE-2018-10855",
"url": "https://bugzilla.suse.com/1097775"
},
{
"category": "external",
"summary": "SUSE Bug 1099808 for CVE-2018-10855",
"url": "https://bugzilla.suse.com/1099808"
},
{
"category": "external",
"summary": "SUSE Bug 1109957 for CVE-2018-10855",
"url": "https://bugzilla.suse.com/1109957"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-10855"
},
{
"cve": "CVE-2018-10875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10875"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10875",
"url": "https://www.suse.com/security/cve/CVE-2018-10875"
},
{
"category": "external",
"summary": "SUSE Bug 1099808 for CVE-2018-10875",
"url": "https://bugzilla.suse.com/1099808"
},
{
"category": "external",
"summary": "SUSE Bug 1109957 for CVE-2018-10875",
"url": "https://bugzilla.suse.com/1109957"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-10875"
},
{
"cve": "CVE-2018-16837",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16837"
}
],
"notes": [
{
"category": "general",
"text": "Ansible \"User\" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those credentials in clear text form for every user which have access just to the process list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16837",
"url": "https://www.suse.com/security/cve/CVE-2018-16837"
},
{
"category": "external",
"summary": "SUSE Bug 1112959 for CVE-2018-16837",
"url": "https://bugzilla.suse.com/1112959"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-16837"
},
{
"cve": "CVE-2018-16859",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16859"
}
],
"notes": [
{
"category": "general",
"text": "Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for \u0027become\u0027 passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the plaintext password. Ansible Engine 2.8 and older are believed to be vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16859",
"url": "https://www.suse.com/security/cve/CVE-2018-16859"
},
{
"category": "external",
"summary": "SUSE Bug 1109957 for CVE-2018-16859",
"url": "https://bugzilla.suse.com/1109957"
},
{
"category": "external",
"summary": "SUSE Bug 1116587 for CVE-2018-16859",
"url": "https://bugzilla.suse.com/1116587"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16859"
},
{
"cve": "CVE-2018-16876",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16876"
}
],
"notes": [
{
"category": "general",
"text": "ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16876",
"url": "https://www.suse.com/security/cve/CVE-2018-16876"
},
{
"category": "external",
"summary": "SUSE Bug 1109957 for CVE-2018-16876",
"url": "https://bugzilla.suse.com/1109957"
},
{
"category": "external",
"summary": "SUSE Bug 1118896 for CVE-2018-16876",
"url": "https://bugzilla.suse.com/1118896"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2018-16876"
},
{
"cve": "CVE-2019-10156",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-10156"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-10156",
"url": "https://www.suse.com/security/cve/CVE-2019-10156"
},
{
"category": "external",
"summary": "SUSE Bug 1137528 for CVE-2019-10156",
"url": "https://bugzilla.suse.com/1137528"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-10156"
},
{
"cve": "CVE-2019-10206",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-10206"
}
],
"notes": [
{
"category": "general",
"text": "ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-10206",
"url": "https://www.suse.com/security/cve/CVE-2019-10206"
},
{
"category": "external",
"summary": "SUSE Bug 1142690 for CVE-2019-10206",
"url": "https://bugzilla.suse.com/1142690"
},
{
"category": "external",
"summary": "SUSE Bug 1154232 for CVE-2019-10206",
"url": "https://bugzilla.suse.com/1154232"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-10206"
},
{
"cve": "CVE-2019-10217",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-10217"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in ansible 2.8.0 before 2.8.4. Fields managing sensitive data should be set as such by no_log feature. Some of these fields in GCP modules are not set properly. service_account_contents() which is common class for all gcp modules is not setting no_log to True. Any sensitive data managed by that function would be leak as an output when running ansible playbooks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-10217",
"url": "https://www.suse.com/security/cve/CVE-2019-10217"
},
{
"category": "external",
"summary": "SUSE Bug 1144453 for CVE-2019-10217",
"url": "https://bugzilla.suse.com/1144453"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-10217"
},
{
"cve": "CVE-2019-14846",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14846"
}
],
"notes": [
{
"category": "general",
"text": "In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14846",
"url": "https://www.suse.com/security/cve/CVE-2019-14846"
},
{
"category": "external",
"summary": "SUSE Bug 1153452 for CVE-2019-14846",
"url": "https://bugzilla.suse.com/1153452"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2019-14846"
},
{
"cve": "CVE-2019-14856",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14856"
}
],
"notes": [
{
"category": "general",
"text": "ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14856",
"url": "https://www.suse.com/security/cve/CVE-2019-14856"
},
{
"category": "external",
"summary": "SUSE Bug 1154232 for CVE-2019-14856",
"url": "https://bugzilla.suse.com/1154232"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2019-14856"
},
{
"cve": "CVE-2019-14858",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14858"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name to the module will cause the task to fail before the no_log options in the sub parameters are processed. As a result, data in the sub parameter fields will not be masked and will be displayed if Ansible is run with increased verbosity and present in the module invocation arguments for the task.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14858",
"url": "https://www.suse.com/security/cve/CVE-2019-14858"
},
{
"category": "external",
"summary": "SUSE Bug 1154231 for CVE-2019-14858",
"url": "https://bugzilla.suse.com/1154231"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2019-14858"
},
{
"cve": "CVE-2019-14864",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14864"
}
],
"notes": [
{
"category": "general",
"text": "Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14864",
"url": "https://www.suse.com/security/cve/CVE-2019-14864"
},
{
"category": "external",
"summary": "SUSE Bug 1154830 for CVE-2019-14864",
"url": "https://bugzilla.suse.com/1154830"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-14864"
},
{
"cve": "CVE-2019-14904",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14904"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the \u0027ps\u0027 bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14904",
"url": "https://www.suse.com/security/cve/CVE-2019-14904"
},
{
"category": "external",
"summary": "SUSE Bug 1157968 for CVE-2019-14904",
"url": "https://bugzilla.suse.com/1157968"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-14904"
},
{
"cve": "CVE-2019-14905",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14905"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible\u0027s nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14905",
"url": "https://www.suse.com/security/cve/CVE-2019-14905"
},
{
"category": "external",
"summary": "SUSE Bug 1157969 for CVE-2019-14905",
"url": "https://bugzilla.suse.com/1157969"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-14905"
},
{
"cve": "CVE-2019-3828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-3828"
}
],
"notes": [
{
"category": "general",
"text": "Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-3828",
"url": "https://www.suse.com/security/cve/CVE-2019-3828"
},
{
"category": "external",
"summary": "SUSE Bug 1126503 for CVE-2019-3828",
"url": "https://bugzilla.suse.com/1126503"
},
{
"category": "external",
"summary": "SUSE Bug 1164137 for CVE-2019-3828",
"url": "https://bugzilla.suse.com/1164137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2019-3828"
},
{
"cve": "CVE-2020-10684",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10684"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker could take advantage of this by altering the ansible_facts, such as ansible_hosts, users and any other key data which would lead into privilege escalation or code injection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10684",
"url": "https://www.suse.com/security/cve/CVE-2020-10684"
},
{
"category": "external",
"summary": "SUSE Bug 1167532 for CVE-2020-10684",
"url": "https://bugzilla.suse.com/1167532"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-10684"
},
{
"cve": "CVE-2020-10685",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10685"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the s ts unencrypted. On Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decryp emains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted ble.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10685",
"url": "https://www.suse.com/security/cve/CVE-2020-10685"
},
{
"category": "external",
"summary": "SUSE Bug 1167440 for CVE-2020-10685",
"url": "https://bugzilla.suse.com/1167440"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-10685"
},
{
"cve": "CVE-2020-10691",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10691"
}
],
"notes": [
{
"category": "general",
"text": "An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file within the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10691",
"url": "https://www.suse.com/security/cve/CVE-2020-10691"
},
{
"category": "external",
"summary": "SUSE Bug 1167873 for CVE-2020-10691",
"url": "https://bugzilla.suse.com/1167873"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-10691"
},
{
"cve": "CVE-2020-10729",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10729"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords are exposed at once for the file. This flaw affects Ansible Engine versions before 2.9.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10729",
"url": "https://www.suse.com/security/cve/CVE-2020-10729"
},
{
"category": "external",
"summary": "SUSE Bug 1171162 for CVE-2020-10729",
"url": "https://bugzilla.suse.com/1171162"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-10729"
},
{
"cve": "CVE-2020-14330",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14330"
}
],
"notes": [
{
"category": "general",
"text": "An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14330",
"url": "https://www.suse.com/security/cve/CVE-2020-14330"
},
{
"category": "external",
"summary": "SUSE Bug 1174145 for CVE-2020-14330",
"url": "https://bugzilla.suse.com/1174145"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2020-14330"
},
{
"cve": "CVE-2020-14332",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14332"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14332",
"url": "https://www.suse.com/security/cve/CVE-2020-14332"
},
{
"category": "external",
"summary": "SUSE Bug 1174302 for CVE-2020-14332",
"url": "https://bugzilla.suse.com/1174302"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-14332"
},
{
"cve": "CVE-2020-1733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1733"
}
],
"notes": [
{
"category": "general",
"text": "A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with \"umask 77 \u0026\u0026 mkdir -p \u003cdir\u003e\"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating \u0027/proc/\u003cpid\u003e/cmdline\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1733",
"url": "https://www.suse.com/security/cve/CVE-2020-1733"
},
{
"category": "external",
"summary": "SUSE Bug 1164140 for CVE-2020-1733",
"url": "https://bugzilla.suse.com/1164140"
},
{
"category": "external",
"summary": "SUSE Bug 1171823 for CVE-2020-1733",
"url": "https://bugzilla.suse.com/1171823"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-1733"
},
{
"cve": "CVE-2020-1734",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1734"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1734",
"url": "https://www.suse.com/security/cve/CVE-2020-1734"
},
{
"category": "external",
"summary": "SUSE Bug 1164139 for CVE-2020-1734",
"url": "https://bugzilla.suse.com/1164139"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-1734"
},
{
"cve": "CVE-2020-1735",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1735"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1735",
"url": "https://www.suse.com/security/cve/CVE-2020-1735"
},
{
"category": "external",
"summary": "SUSE Bug 1164137 for CVE-2020-1735",
"url": "https://bugzilla.suse.com/1164137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-1735"
},
{
"cve": "CVE-2020-1736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1736"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This could lead to the disclosure of sensitive data. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1736",
"url": "https://www.suse.com/security/cve/CVE-2020-1736"
},
{
"category": "external",
"summary": "SUSE Bug 1164134 for CVE-2020-1736",
"url": "https://bugzilla.suse.com/1164134"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.2,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2020-1736"
},
{
"cve": "CVE-2020-1737",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1737"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal. This issue is fixed in 2.10.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1737",
"url": "https://www.suse.com/security/cve/CVE-2020-1737"
},
{
"category": "external",
"summary": "SUSE Bug 1164138 for CVE-2020-1737",
"url": "https://bugzilla.suse.com/1164138"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-1737"
},
{
"cve": "CVE-2020-1738",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1738"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Ansible Engine when the module package or service is used and the parameter \u0027use\u0027 is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1738",
"url": "https://www.suse.com/security/cve/CVE-2020-1738"
},
{
"category": "external",
"summary": "SUSE Bug 1164136 for CVE-2020-1738",
"url": "https://bugzilla.suse.com/1164136"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-1738"
},
{
"cve": "CVE-2020-1739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1739"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument \"password\" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1739",
"url": "https://www.suse.com/security/cve/CVE-2020-1739"
},
{
"category": "external",
"summary": "SUSE Bug 1164133 for CVE-2020-1739",
"url": "https://bugzilla.suse.com/1164133"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-1739"
},
{
"cve": "CVE-2020-1740",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1740"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes \"ansible-vault edit\", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1740",
"url": "https://www.suse.com/security/cve/CVE-2020-1740"
},
{
"category": "external",
"summary": "SUSE Bug 1164135 for CVE-2020-1740",
"url": "https://bugzilla.suse.com/1164135"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2020-1740"
},
{
"cve": "CVE-2020-1744",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1744"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in keycloak before version 9.0.1. When configuring an Conditional OTP Authentication Flow as a post login flow of an IDP, the failure login events for OTP are not being sent to the brute force protection event queue. So BruteForceProtector does not handle this events.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1744",
"url": "https://www.suse.com/security/cve/CVE-2020-1744"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-1744"
},
{
"cve": "CVE-2020-1746",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1746"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1746",
"url": "https://www.suse.com/security/cve/CVE-2020-1746"
},
{
"category": "external",
"summary": "SUSE Bug 1165393 for CVE-2020-1746",
"url": "https://bugzilla.suse.com/1165393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-1746"
},
{
"cve": "CVE-2020-1753",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1753"
}
],
"notes": [
{
"category": "general",
"text": "A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. Sensitive parameters such as passwords and tokens are passed to kubectl from the command line, not using an environment variable or an input configuration file. This will disclose passwords and tokens from process list and no_log directive from debug module would not have any effect making these secrets being disclosed on stdout and log files.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1753",
"url": "https://www.suse.com/security/cve/CVE-2020-1753"
},
{
"category": "external",
"summary": "SUSE Bug 1166389 for CVE-2020-1753",
"url": "https://bugzilla.suse.com/1166389"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-1753"
},
{
"cve": "CVE-2021-20178",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-20178"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-20178",
"url": "https://www.suse.com/security/cve/CVE-2021-20178"
},
{
"category": "external",
"summary": "SUSE Bug 1180816 for CVE-2021-20178",
"url": "https://bugzilla.suse.com/1180816"
},
{
"category": "external",
"summary": "SUSE Bug 1186493 for CVE-2021-20178",
"url": "https://bugzilla.suse.com/1186493"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-20178"
},
{
"cve": "CVE-2021-20180",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-20180"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-20180",
"url": "https://www.suse.com/security/cve/CVE-2021-20180"
},
{
"category": "external",
"summary": "SUSE Bug 1180942 for CVE-2021-20180",
"url": "https://bugzilla.suse.com/1180942"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-20180"
},
{
"cve": "CVE-2021-20191",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-20191"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-20191",
"url": "https://www.suse.com/security/cve/CVE-2021-20191"
},
{
"category": "external",
"summary": "SUSE Bug 1181119 for CVE-2021-20191",
"url": "https://bugzilla.suse.com/1181119"
},
{
"category": "external",
"summary": "SUSE Bug 1181935 for CVE-2021-20191",
"url": "https://bugzilla.suse.com/1181935"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-20191"
},
{
"cve": "CVE-2021-20228",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-20228"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-20228",
"url": "https://www.suse.com/security/cve/CVE-2021-20228"
},
{
"category": "external",
"summary": "SUSE Bug 1181935 for CVE-2021-20228",
"url": "https://bugzilla.suse.com/1181935"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-20228"
},
{
"cve": "CVE-2021-3583",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3583"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Ansible, where a user\u0027s controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3583",
"url": "https://www.suse.com/security/cve/CVE-2021-3583"
},
{
"category": "external",
"summary": "SUSE Bug 1188061 for CVE-2021-3583",
"url": "https://bugzilla.suse.com/1188061"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-12-12.2.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-3583"
}
]
}
OPENSUSE-SU-2019:0238-1
Vulnerability from csaf_opensuse - Published: 2019-02-23 08:23 - Updated: 2019-02-23 08:23Summary
Security update for ansible
Notes
Title of the patch
Security update for ansible
Description of the patch
This update for ansible fixes the following issues:
Security vulnerabilities fixed:
- CVE-2018-16876: Respect no_log on retry and high verbosity (bsc#1118896)
- CVE-2018-16859: Windows - prevent sensitive content from appearing in
scriptblock logging (bsc#1116587)
- CVE-2018-10855: Fixed the honouration of the no_log option with failed task
iterations (boo#1097775)
- CVE-2017-7466: Fixed an input validation vulnerability in Ansible's handling
of data sent from client systems
- CVE-2017-7481: Fixed a security issue with lookup return not tainting the
jinja2 environment (bsc#1038785)
Other bug fixes and changes:
- Update to version 2.7.6
* Added log message at -vvvv when using netconf connection listing connection details.
* Changes how ansible-connection names socket lock files. They now use the same name as the socket itself, and as such do not lock other attempts on connections to the same host, or cause issues with overly-long hostnames.
* Fix mandatory statement error for junos modules (https://github.com/ansible/ansible/pull/50138)
* Moved error in netconf connection plugin from at import to on connection.
* This reverts some changes from commit 723daf3. If a line is found in the file, exactly or via regexp matching, it must not be added again. insertafter/insertbefore options are used only when a line is to be inserted, to specify where it must be added.
* allow using openstack inventory plugin w/o a cache
* callbacks - Do not filter out exception, warnings, deprecations on failure when using debug (https://github.com/ansible/ansible/issues/47576)
* certificate_complete_chain - fix behavior when invalid file is parsed while reading intermediate or root certificates.
* copy - Ensure that the src file contents is converted to unicode in diff information so that it is properly wrapped by AnsibleUnsafeText to prevent unexpected templating of diff data in Python3 (https://github.com/ansible/ansible/issues/45717)
* correct behaviour of verify_file for vmware inventory plugin, it was always returning True
* dnf - fix issue where conf_file was not being loaded properly
* dnf - fix update_cache combined with install operation to not cause dnf transaction failure
* docker_container - fix network_mode idempotency if the container:<container-name> form is used (as opposed to container:<container-id>) (https://github.com/ansible/ansible/issues/49794)
* docker_container - warning when non-string env values are found, avoiding YAML parsing issues. Will be made an error in Ansible 2.8. (https://github.com/ansible/ansible/issues/49802)
* docker_swarm_service - Document labels and container_labels with correct type.
* docker_swarm_service - Document limit_memory and reserve_memory correctly on how to specify sizes.
* docker_swarm_service - Document minimal API version for configs and secrets.
* docker_swarm_service - fix use of Docker API so that services are not detected as present if there is an existing service whose name is a substring of the desired service
* docker_swarm_service - fixing falsely reporting update_order as changed when option is not used.
* document old option that was initally missed
* ec2_instance now respects check mode https://github.com/ansible/ansible/pull/46774
* fix for network_cli - ansible_command_timeout not working as expected (#49466)
* fix handling of firewalld port if protocol is missing
* fix lastpass lookup failure on python 3 (https://github.com/ansible/ansible/issues/42062)
* flatpak - Fixed Python 2/3 compatibility
* flatpak - Fixed issue where newer versions of flatpak failed on flatpak removal
* flatpak_remote - Fixed Python 2/3 compatibility
* gcp_compute_instance - fix crash when the instance metadata is not set
* grafana_dashboard - Fix a pair of unicode string handling issues with version checking (https://github.com/ansible/ansible/pull/49194)
* host execution order - Fix reverse_inventory not to change the order of the items before reversing on python2 and to not backtrace on python3
* icinga2_host - fixed the issue with not working use_proxy option of the module.
* influxdb_user - An unspecified password now sets the password to blank, except on existing users. This previously caused an unhandled exception.
* influxdb_user - Fixed unhandled exception when using invalid login credentials (https://github.com/ansible/ansible/issues/50131)
* openssl_* - fix error when path contains a file name without path.
* openssl_csr - fix problem with idempotency of keyUsage option.
* openssl_pkcs12 - now does proper path expansion for ca_certificates.
* os_security_group_rule - os_security_group_rule doesn't exit properly when secgroup doesn't exist and state=absent (https://github.com/ansible/ansible/issues/50057)
* paramiko_ssh - add auth_timeout parameter to ssh.connect when supported by installed paramiko version. This will prevent 'Authentication timeout' errors when a slow authentication step (>30s) happens with a host (https://github.com/ansible/ansible/issues/42596)
* purefa_facts and purefb_facts now correctly adds facts into main ansible_fact dictionary (https://github.com/ansible/ansible/pull/50349)
* reboot - add appropriate commands to make the plugin work with VMware ESXi (https://github.com/ansible/ansible/issues/48425)
* reboot - add support for rebooting AIX (https://github.com/ansible/ansible/issues/49712)
* reboot - gather distribution information in order to support Alpine and other distributions (https://github.com/ansible/ansible/issues/46723)
* reboot - search common paths for the shutdown command and use the full path to the binary rather than depending on the PATH of the remote system (https://github.com/ansible/ansible/issues/47131)
* reboot - use a common set of commands for older and newer Solaris and SunOS variants (https://github.com/ansible/ansible/pull/48986)
* redfish_utils - fix reference to local variable 'systems_service'
* setup - fix the rounding of the ansible_memtotal_mb value on VMWare vm's (https://github.com/ansible/ansible/issues/49608)
* vultr_server - fixed multiple ssh keys were not handled.
* win_copy - Fix copy of a dir that contains an empty directory - https://github.com/ansible/ansible/issues/50077
* win_firewall_rule - Remove invalid 'bypass' action
* win_lineinfile - Fix issue where a malformed json block was returned causing an error
* win_updates - Correctly report changes on success
- update to version 2.7.5
* ACME modules: improve error messages in some cases (include error returned by server).
* Added unit test for VMware module_utils.
* Also check stdout for interpreter errors for more intelligent messages to user
* Backported support for Devuan-based distribution
* Convert hostvars data in OpenShift inventory plugin to be serializable by ansible-inventory
* Fix AttributeError (Python 3 only) when an exception occurs while rendering a template
* Fix N3K power supply facts (https://github.com/ansible/ansible/pull/49150).
* Fix NameError nxos_facts (https://github.com/ansible/ansible/pull/48981).
* Fix VMware module utils for self usage.
* Fix error in OpenShift inventory plugin when a pod has errored and is empty
* Fix if the route table changed to none (https://github.com/ansible/ansible/pull/49533)
* Fix iosxr netconf plugin response namespace (https://github.com/ansible/ansible/pull/49300)
* Fix issues with nxos_install_os module for nxapi (https://github.com/ansible/ansible/pull/48811).
* Fix lldp and cdp neighbors information (https://github.com/ansible/ansible/pull/48318)(https://github.com/ansible/ansible/pull/48087)(https://github.com/ansible/ansible/pull/49024).
* Fix nxos_interface and nxos_linkagg Idempotence issue (https://github.com/ansible/ansible/pull/46437).
* Fix traceback when updating facts and the fact cache plugin was nonfunctional
* Fix using vault encrypted data with jinja2_native (https://github.com/ansible/ansible/issues/48950)
* Fixed: Make sure that the files excluded when extracting the archive are not checked. https://github.com/ansible/ansible/pull/45122
* Fixes issue where a password parameter was not set to no_log
* aci_rest - Fix issue ignoring custom port
* acme_account, acme_account_facts - in some cases, it could happen that the modules return information on disabled accounts accidentally returned by the ACME server.
* docker_swarm - decreased minimal required API version from 1.35 to 1.25; some features require API version 1.30 though.
* docker_swarm_service: fails because of default 'user: root' (https://github.com/ansible/ansible/issues/49199)
* ec2_metadata_facts - Parse IAM role name from the security credential field since the instance profile name is different
* fix azure_rm_image module use positional parameter (https://github.com/ansible/ansible/pull/49394)
* fixes an issue with dict_merge in network utils (https://github.com/ansible/ansible/pull/49474)
* gcp_utils - fix google auth scoping issue with application default credentials or google cloud engine credentials. Only scope credentials that can be scoped.
* mail - fix python 2.7 regression
* openstack - fix parameter handling when cloud provided as dict https://github.com/ansible/ansible/issues/42858
* os_user - Include domain parameter in user deletion https://github.com/ansible/ansible/issues/42901
* os_user - Include domain parameter in user lookup https://github.com/ansible/ansible/issues/42901
* ovirt_storage_connection - comparing passwords breaks idempotency in update_check (https://github.com/ansible/ansible/issues/48933)
* paramiko_ssh - improve log message to state the connection type
* reboot - use IndexError instead of TypeError in exception
* redis cache - Support version 3 of the redis python library (https://github.com/ansible/ansible/issues/49341)
* sensu_silence - Cast int for expire field to avoid call failure to sensu API.
* vmware_host_service_facts - handle exception when service package does not have package name.
* win_nssm - Switched to Argv-ToString for escaping NSSM credentials (https://github.com/ansible/ansible/issues/48728)
* zabbix_hostmacro - Added missing validate_certs logic for running module against Zabbix servers with untrused SSL certificates (https://github.com/ansible/ansible/issues/47611)
* zabbix_hostmacro - Fixed support for user macros with context (https://github.com/ansible/ansible/issues/46953)
- update to version 2.7.4
* powershell - add lib/ansible/executor/powershell to the packaging data
- update to version 2.7.3
* Fix the issue that FTD HTTP API retries authentication-related HTTP requests
* Fix the issue that module fails when the Swagger model does not have required fields
* Fix the issue with comparing string-like objects
* Fix using omit on play keywords
* apt_key - Disable TTY requirement in GnuPG for the module to work correctly
when SSH pipelining is enabled
* better error message when bad type in config, deal with EVNAR= more gracefully
* configuration retrieval would fail on non primed plugins
* cs_template - Fixed a KeyError on state=extracted
* docker_container - fix idempotency problems with docker-py caused by previous
init idempotency fix
* docker_container - fix interplay of docker-py version check with argument_spec
validation improvements
* docker_network - driver_options containing Python booleans would cause Docker
to throw exceptions
* ec2_group - Fix comparison of determining which rules to purge by ignoring descriptions
* pip module - fix setuptools/distutils replacement
* sysvinit - enabling a service should use 'defaults' if no runlevels are specified
- update to version 2.7.2
* Minor changes
- update to 2.7.1
* Minor changes
- update to 2.7.0
* Allow config to enable native jinja types
* Remove support for simplejson
* yum and dnf modules now at feature parity
* Security Fix - avoid loading host/group vars from cwd when not specifying a playbook or playbook base dir
* Security Fix - avoid using ansible.cfg in a world writable dir
* Some connection exception would cause no_log specified on a task to be ignored (stdout info disclosure)
* Fix glob path of rc.d (SUSE-specific)
* Fix lambda_policy updates
* Fix alt linux detection/matching
- update to 2.6.4
* Add md5sum check in nxos_file_copy module
* Allow arbitrary log_driver for docker_container
* Fix Python2.6 regex bug terminal plugin nxos, iosxr
* Fix check_mode in nxos_static_route module
* Fix glob path of rc.d Some distribtuions like SUSE has the rc%.d
directories under /etc/init.d
* Fix network config diff issue for lines
* Fixed an issue where ansible_facts.pkg_mgr would incorrectly set
to zypper on Debian/Ubuntu systems that happened to have the
command installed
* The docker_* modules respect the DOCKER_* environment variables again
* The fix for CVE-2018-10875 prints out a warning message about
skipping a config file from a world writable current working directory.
However, if the user is in a world writable current working directory
which does not contain a config file, it should not print a warning
message. This release fixes that extaneous warning.
* To resolve nios_network issue where vendor-encapsulated-options
can not have a use_option flag.
* To resolve the issue of handling exception for Nios lookup gracefully.
* always correctly template no log for tasks
* ansible-galaxy - properly list all roles in roles_path
* basic.py - catch ValueError in case a FIPS enabled platform
raises this exception
* docker_container: fixing working_dir idempotency problem
* docker_container: makes unit parsing for memory sizes more consistent,
and fixes idempotency problem when kernel_memory is set
* fix example code for AWS lightsail documentation
* fix the enable_snat parameter that is only supposed to be used by
an user with the right policies.
* fixes docker_container check and debug mode
* improves docker_container idempotency
* ios_l2_interface - fix bug when list of vlans ends with comma
* ios_l2_interface - fix issue with certain interface types
* ios_user - fix unable to delete user admin issue
* ios_vlan - fix unable to work on certain interface types issue
* nxos_facts test lldp feature and fix nxapi check_rc
* nxos_interface port-channel idempotence fix for mode
* nxos_linkagg mode fix
* nxos_system idempotence fix
* nxos_vlan refactor to support non structured output
* one_host - fixes settings via environment variables
* use retry_json nxos_banner
* user - Strip trailing comments in /etc/default/passwd
* user - when creating a new user without an expiration date,
properly set no expiration rather that expirining the account
* win_domain_computer - fixed deletion of computer active directory
object that have dependent objects
* win_domain_computer - fixed error in diff_support
* win_domain_computer - fixed error when description parameter is empty
* win_psexec - changed code to not escape the command option when building the args
* win_uri -- Fix support for JSON output when charset is set
* win_wait_for - fix issue where timeout doesn't wait unless state=drained
- update to 2.6.3
* Fix lxd module to be idempotent when the given configuration for
the lxd container has not changed
* Fix setting value type to str to avoid conversion during template
read. Fix Idempotency in case of 'no key'.
* Fix the mount module's handling of swap entries in fstab
* The fix for (CVE-2018-10875) prints out a warning message about
skipping a config file from a world writable current working
directory. However, if the user explicitly specifies that the
config file should be used via the ANSIBLE_CONFIG environment
variable then Ansible would honor that but still print out the
warning message. This has been fixed so that Ansible honors the
user's explicit wishes and does not print a warning message in
that circumstance.
* To fix the bug where existing host_record was deleted when existing
record name is used with different IP.
* VMware handle pnic in proxyswitch
* fix azure security group cannot add rules when purge_rule set to false.
* fix azure_rm_deployment collect tags from existing Resource Group.
* fix azure_rm_loadbalancer_facts list takes at least 2 arguments.
* fix for the bundled selectors module (used in the ssh and local
connection plugins) when a syscall is restarted after being
interrupted by a signal
* get_url - fix the bug that get_url does not change mode when checksum matches
* nicer error when multiprocessing breaks
* openssl_certificate - Convert valid_date to bytes for conversion
* openstack_inventory.py dynamic inventory file fixed the plugin to the
script so that it will work with current ansible-inventory. Also
redirect stdout before dumping the ouptput, because not doing so will
cause JSON parse errors in some cases.
* slack callback - Fix invocation by looking up data from cli.options
* sysvinit module: handle values of optional parameters. Don't disable
service when enabled parameter isn't set. Fix command when arguments
parameter isn't set.
* vars_prompt - properly template play level variables in vars_prompt
* win_domain - ensure the Netlogon service is up and running after
promoting host to controller
* win_domain_controller - ensure the Netlogon service is up and running
after promoting host to controller
- update to 2.6.2
+ Add text output along with structured output in nxos_facts
+ Allow more than one page of results by using the right pagination
indicator ('NextMarker' instead of 'NextToken').
+ Fix an atomic_move error that is 'true', but misleading.
Now we show all 3 files involved and clarify what happened.
+ Fix eos_l2_interface eapi.
+ Fix fetching old style facts in junos_facts module
+ Fix get_device_info nxos zero or more whitespace regex
+ Fix nxos CI failures
+ Fix nxos_nxapi default http behavior
+ Fix nxos_vxlan_vtep_vni
+ Fix regex network_os_platform nxos
+ Refactor nxos cliconf get_device_info for non structured
output supported devices
+ To fix the NoneType error raised in ios_l2_interface when
Access Mode VLAN is unassigned
+ emtpy host/group name is an error
+ fix default SSL version for docker modules
+ fix mail module when using starttls
+ fix nmap config example
+ fix ps detection of service
+ fix the remote tmp folder permissions issue when becoming a non
admin user
+ fix typoe in sysvinit that breaks update.rc-d detection
+ fixes docker_container compatibilty with docker-py < 2.2
+ get_capabilities in nxapi module_utils should not return empty dictionary
+ inventory - When using an inventory directory, ensure extension
comparison uses text types
+ ios_vlan - fix unable to identify correct vlans issue
+ nxos_facts warning message improved
+ openvswitch_db - make 'key' argument optional
+ pause - do not set stdout to raw mode when redirecting to a file
+ pause - nest try except when importing curses to gracefully fail
if curses is not present
+ plugins/inventory/openstack.py - Do not create group with empty
name if region is not set
+ preseve delegation info on nolog
+ remove ambiguity when it comes to 'the source'
+ remove dupes from var precedence
+ restores filtering out conflicting facts
+ user - fix bug that resulted in module always reporting a change when
specifiying the home directory on FreeBSD
+ user - use correct attribute name in FreeBSD for creat_home
+ vultr - Do not fail trying to load configuration from ini files if
required variables have been set as environment variables.
+ vyos_command correcting conditionals looping
+ win_chocolatey - enable TLSv1.2 support when downloading the
Chocolatey installer
+ win_reboot - fix for handling an already scheduled reboot and other
minor log formatting issues
+ win_reboot - fix issue when overridding connection timeout hung
the post reboot uptime check
+ win_reboot - handle post reboots when running test_command
+ win_security_policy - allows an empty string to reset a policy value
+ win_share - discard any cmdlet output we don't use to ensure only the
return json is received by Ansible
+ win_unzip - discard any cmdlet output we don't use to ensure only the
return json is received by Ansible
+ win_updates - fixed module return value is lost in error in some cases
+ win_user - Use LogonUser to validate the password as it does not
rely on SMB/RPC to be available
+ Security Fix - avoid loading host/group vars from cwd when not
specifying a playbook or playbook base dir
+ Security Fix - avoid using ansible.cfg in a world writable dir.
+ Fix junos_config confirm commit timeout issue
(https://github.com/ansible/ansible/pull/41527)
+ file module - The touch subcommand had its diff output broken during
the 2.6.x development cycle. This is now fixed.
+ inventory manager - This fixes required options being populated before
the inventory config file is read, so the required options may be
set in the config file.
+ nsupdate - allow hmac-sha384 https://github.com/ansible/ansible/pull/42209
+ win_domain - fixes typo in one of the AD cmdlets
https://github.com/ansible/ansible/issues/41536
+ win_group_membership - uses the internal Ansible SID conversion logic
and uses that when comparing group membership instead of the name
- use fdupes to save some space in python_sitelib
- define BuildRoot on older distributions like SLE-11
- be a bit more flexible with the ending of manpage files to allow
Fedora builds to succeed
- updated to latest release 2.6.0
- New Plugins:
+ Callback:
- cgroup_memory_recap
- grafana_annotations
- sumologic
+ Connection:
- httpapi
+ Inventory:
- foreman
- gcp_compute
- generator
- nmap
+ Lookup:
- onepassword
- onepassword_raw
- Modules updates too many to mention here
please look at package documentation directory (/usr/share/doc/packages/.../changelogs)
- bug fixes:
- **Security Fix** - Some connection exceptions would cause no_log
specified on a task to be ignored. If this happened, the task information,
including any private information coul d have been displayed to stdout and
(if enabled, not the default) logged to a log file specified in
ansible.cfg's log_path. Additionally, sites which redirected stdout from
ansible runs to a log file may have stored that private information onto
disk that way as well. (https://github.com/ansible/ansible/pull/41414)
- Changed the admin_users config option to not include 'admin' by default
as admin is frequently used for a non-privileged account
(https://github.com/ansible/ansible/pull/41164)
- Changed the output to 'text' for 'show vrf' command as default 'json'
output format with respect to 'eapi' transport was failing
(https://github.com/ansible/ansible/pull/41470)
- Document mode=preserve for both the copy and template module
- Fix added for Digital Ocean Volumes API change causing Ansible to
recieve an unexpected value in the response.
(https://github.com/ansible/ansible/pull/41431)
- Fix an encoding issue when parsing the examples from a plugins'
documentation
- Fix iosxr_config module to handle route-policy, community-set,
prefix-set, as-path-set and rd-set blocks. All these blocks are part of
route-policy language of iosxr.
- Fix mode=preserve with remote_src=True for the copy module
- Implement mode=preserve for the template module
- The yaml callback plugin now allows non-ascii characters to be
displayed.
- Various grafana_* modules - Port away from the deprecated
b64encodestring function to the b64encode function instead.
https://github.com/ansible/ansible/pull/38388
- added missing 'raise' to exception definition
https://github.com/ansible/ansible/pull/41690
- allow custom endpoints to be used in the aws_s3 module
(https://github.com/ansible/ansible/pull/36832)
- allow set_options to be called multiple times
https://github.com/ansible/ansible/pull/41913
- ansible-doc - fixed traceback on missing plugins
(https://github.com/ansible/ansible/pull/41167)
- cast the device_mapping volume size to an int in the ec2_ami module
(https://github.com/ansible/ansible/pull/40938)
- copy - fixed copy to only follow symlinks for files in the non-recursive case
- copy module - The copy module was attempting to change the mode of files
for remote_src=True even if mode was not set as a parameter. This
failed on filesystems which do not have permission bits
(https://github.com/ansible/ansible/pull/40099)
- copy module - fixed recursive copy with relative paths
(https://github.com/ansible/ansible/pull/40166)
- correct debug display for all cases
https://github.com/ansible/ansible/pull/41331
- correctly check hostvars for vars term
https://github.com/ansible/ansible/pull/41819
- correctly handle yaml inventory files when entries are null dicts
https://github.com/ansible/ansible/issues/41692
- dynamic includes - Allow inheriting attributes from static parents
(https://github.com/ansible/ansible/pull/38827)
- dynamic includes - Don't treat undefined vars for conditional includes
as truthy (https://github.com/ansible/ansible/pull/39377)
- dynamic includes - Fix IncludedFile comparison for free strategy
(https://github.com/ansible/ansible/pull/37083)
- dynamic includes - Improved performance by fixing re-parenting on copy
(https://github.com/ansible/ansible/pull/38747)
- dynamic includes - Use the copied and merged task for calculating task
vars (https://github.com/ansible/ansible/pull/39762)
- file - fixed the default follow behaviour of file to be true
- file module - Eliminate an error if we're asked to remove a file but
something removes it while we are processing the request
(https://github.com/ansible/ansible/pull/39466)
- file module - Fix error when recursively assigning permissions and a
symlink to a nonexistent file is present in the directory tree
(https://github.com/ansible/ansible/issues/39456)
- file module - Fix error when running a task which assures a symlink to a
nonexistent file exists for the second and subsequent times
(https://github.com/ansible/ansible/issues/39558)
- file module - The file module allowed the user to specify src as a
parameter when state was not link or hard. This is documented as only
applying to state=link or state=hard but in previous Ansible, this could
have an effect in rare cornercases. For instance, 'ansible -m file -a
'state=directory path=/tmp src=/var/lib'' would create /tmp/lib. This
has been disabled and a warning emitted (will change to an error in
Ansible-2.10).
- file module - The touch subcommand had its diff output broken during the
2.6.x development cycle. This is now fixed
(https://github.com/ansible/ansible/issues/41755)
- fix BotoCoreError exception handling
- fix apt-mark on debian6 (https://github.com/ansible/ansible/pull/41530)
- fix async for the aws_s3 module by adding async support to the action
plugin (https://github.com/ansible/ansible/pull/40826)
- fix decrypting vault files for the aws_s3 module
(https://github.com/ansible/ansible/pull/39634)
- fix errors with S3-compatible APIs if they cannot use ACLs for buckets
or objects
- fix permission handling to try to download a file even if the user does
not have permission to list all objects in the bucket
- fixed config required handling, specifically for _terms in lookups
https://github.com/ansible/ansible/pull/41740
- gce_net - Fix sorting of allowed ports
(https://github.com/ansible/ansible/pull/41567)
- group_by - support implicit localhost
(https://github.com/ansible/ansible/pull/41860)
- import/include - Ensure role handlers have the proper parent, allowing
for correct attribute inheritance
(https://github.com/ansible/ansible/pull/39426)
- import_playbook - Pass vars applied to import_playbook into parsing of
the playbook as they may be needed to parse the imported plays
(https://github.com/ansible/ansible/pull/39521)
- include_role/import_role - Don't overwrite included role handlers with
play handlers on parse (https://github.com/ansible/ansible/pull/39563)
- include_role/import_role - Fix parameter templating
(https://github.com/ansible/ansible/pull/36372)
- include_role/import_role - Use the computed role name for
include_role/import_role so to diffentiate between names computed from
host vars (https://github.com/ansible/ansible/pull/39516)-
include_role/import_role - improved performance and recursion depth
(https://github.com/ansible/ansible/pull/36470)
- lineinfile - fix insertbefore when used with BOF to not insert duplicate
lines (https://github.com/ansible/ansible/issues/38219)
- password lookup - Do not load password lookup in network filters,
allowing the password lookup to be overriden
(https://github.com/ansible/ansible/pull/41907)
- pause - ensure ctrl+c interrupt works in all cases
(https://github.com/ansible/ansible/issues/35372)
- powershell - use the tmpdir set by `remote_tmp` for become/async tasks
instead of the generic $env:TEMP -
https://github.com/ansible/ansible/pull/40210
- selinux - correct check mode behavior to report same changes as normal
mode (https://github.com/ansible/ansible/pull/40721)
- spwd - With python 3.6 spwd.getspnam returns PermissionError instead of
KeyError if user does not have privileges
(https://github.com/ansible/ansible/issues/39472)
- synchronize - Ensure the local connection created by synchronize uses
_remote_is_local=True, which causes ActionBase to build a local tmpdir
(https://github.com/ansible/ansible/pull/40833)
- template - Fix for encoding issues when a template path contains
non-ascii characters and using the template path in ansible_managed
(https://github.com/ansible/ansible/issues/27262)
- template action plugin - fix the encoding of filenames to avoid
tracebacks on Python2 when characters that are not present in the user's
locale are present. (https://github.com/ansible/ansible/pull/39424)
- user - only change the expiration time when necessary
(https://github.com/ansible/ansible/issues/13235)
- uses correct conn info for reset_connection
https://github.com/ansible/ansible/issues/27520
- win_environment - Fix for issue where the environment value was deleted
when a null value or empty string was set -
https://github.com/ansible/ansible/issues/40450
- win_file - fix issue where special chars like [ and ] were not being
handled correctly https://github.com/ansible/ansible/pull/37901
- win_get_url - fixed a few bugs around authentication and force no when
using an FTP URL
- win_iis_webapppool - redirect some module output to null so Ansible can
read the output JSON https://github.com/ansible/ansible/issues/40874
- win_template - fix when specifying the dest option as a directory with
and without the trailing slash
https://github.com/ansible/ansible/issues/39886
- win_updates - Added the ability to run on a scheduled task for older
hosts so async starts working again -
https://github.com/ansible/ansible/issues/38364
- win_updates - Fix logic when using a whitelist for multiple updates
- win_updates - Fix typo that hid the download error when a download
failed
- win_updates - Fixed issue where running win_updates on async fails
without any error
- windows become - Show better error messages when the become process fails
- winrm - Add better error handling when the kinit process fails
- winrm - allow `ansible_user` or `ansible_winrm_user` to override
`ansible_ssh_user` when both are defined in an inventory -
https://github.com/ansible/ansible/issues/39844
- winrm - ensure pexpect is set to not echo the input on a failure and have
a manual sanity check afterwards
https://github.com/ansible/ansible/issues/41865
- winrm connection plugin - Fix exception messages sometimes raising a
traceback when the winrm connection plugin encounters an unrecoverable
error. https://github.com/ansible/ansible/pull/39333
- xenserver_facts - ensure module works with newer versions of XenServer
(https://github.com/ansible/ansible/pull/35821)
- use python3 on (open)SUSE 15 or newer
- Update to 2.5.5
- Changed the admin_users config option to not include 'admin' by default
as admin is frequently used for a non-privileged account
- aws_s3 - add async support to the action plugin
- aws_s3 - fix decrypting vault files
- ec2_ami - cast the device_mapping volume size to an int
- eos_logging - fix idempotency issues
- cache plugins - A cache timeout of 0 means the cache will not expire.
- ios_logging - fix idempotency issues
- ios/nxos/eos_config - don't retrieve config in running_config when config is provided for diff
- nxos_banner - fix multiline banner issue
- nxos terminal plugin - fix output truncation
- nxos_l3_interface - fix no switchport issue with loopback and svi interfaces
- nxos_snapshot - fix compare_option
- update to 2.2.3.0 (boo#1056094)
* Various minor bug fixes
Patchnames
openSUSE-2019-238
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for ansible",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for ansible fixes the following issues:\n\nSecurity vulnerabilities fixed:\n\n- CVE-2018-16876: Respect no_log on retry and high verbosity (bsc#1118896)\n- CVE-2018-16859: Windows - prevent sensitive content from appearing in\n scriptblock logging (bsc#1116587)\n- CVE-2018-10855: Fixed the honouration of the no_log option with failed task\n iterations (boo#1097775)\n- CVE-2017-7466: Fixed an input validation vulnerability in Ansible\u0027s handling\n of data sent from client systems\n- CVE-2017-7481: Fixed a security issue with lookup return not tainting the\n jinja2 environment (bsc#1038785)\n\nOther bug fixes and changes:\n\n- Update to version 2.7.6\n * Added log message at -vvvv when using netconf connection listing connection details.\n * Changes how ansible-connection names socket lock files. They now use the same name as the socket itself, and as such do not lock other attempts on connections to the same host, or cause issues with overly-long hostnames.\n * Fix mandatory statement error for junos modules (https://github.com/ansible/ansible/pull/50138)\n * Moved error in netconf connection plugin from at import to on connection.\n * This reverts some changes from commit 723daf3. If a line is found in the file, exactly or via regexp matching, it must not be added again. insertafter/insertbefore options are used only when a line is to be inserted, to specify where it must be added.\n * allow using openstack inventory plugin w/o a cache\n * callbacks - Do not filter out exception, warnings, deprecations on failure when using debug (https://github.com/ansible/ansible/issues/47576)\n * certificate_complete_chain - fix behavior when invalid file is parsed while reading intermediate or root certificates.\n * copy - Ensure that the src file contents is converted to unicode in diff information so that it is properly wrapped by AnsibleUnsafeText to prevent unexpected templating of diff data in Python3 (https://github.com/ansible/ansible/issues/45717)\n * correct behaviour of verify_file for vmware inventory plugin, it was always returning True\n * dnf - fix issue where conf_file was not being loaded properly\n * dnf - fix update_cache combined with install operation to not cause dnf transaction failure\n * docker_container - fix network_mode idempotency if the container:\u003ccontainer-name\u003e form is used (as opposed to container:\u003ccontainer-id\u003e) (https://github.com/ansible/ansible/issues/49794)\n * docker_container - warning when non-string env values are found, avoiding YAML parsing issues. Will be made an error in Ansible 2.8. (https://github.com/ansible/ansible/issues/49802)\n * docker_swarm_service - Document labels and container_labels with correct type.\n * docker_swarm_service - Document limit_memory and reserve_memory correctly on how to specify sizes.\n * docker_swarm_service - Document minimal API version for configs and secrets.\n * docker_swarm_service - fix use of Docker API so that services are not detected as present if there is an existing service whose name is a substring of the desired service\n * docker_swarm_service - fixing falsely reporting update_order as changed when option is not used.\n * document old option that was initally missed\n * ec2_instance now respects check mode https://github.com/ansible/ansible/pull/46774\n * fix for network_cli - ansible_command_timeout not working as expected (#49466)\n * fix handling of firewalld port if protocol is missing\n * fix lastpass lookup failure on python 3 (https://github.com/ansible/ansible/issues/42062)\n * flatpak - Fixed Python 2/3 compatibility\n * flatpak - Fixed issue where newer versions of flatpak failed on flatpak removal\n * flatpak_remote - Fixed Python 2/3 compatibility\n * gcp_compute_instance - fix crash when the instance metadata is not set\n * grafana_dashboard - Fix a pair of unicode string handling issues with version checking (https://github.com/ansible/ansible/pull/49194)\n * host execution order - Fix reverse_inventory not to change the order of the items before reversing on python2 and to not backtrace on python3\n * icinga2_host - fixed the issue with not working use_proxy option of the module.\n * influxdb_user - An unspecified password now sets the password to blank, except on existing users. This previously caused an unhandled exception.\n * influxdb_user - Fixed unhandled exception when using invalid login credentials (https://github.com/ansible/ansible/issues/50131)\n * openssl_* - fix error when path contains a file name without path.\n * openssl_csr - fix problem with idempotency of keyUsage option.\n * openssl_pkcs12 - now does proper path expansion for ca_certificates.\n * os_security_group_rule - os_security_group_rule doesn\u0027t exit properly when secgroup doesn\u0027t exist and state=absent (https://github.com/ansible/ansible/issues/50057)\n * paramiko_ssh - add auth_timeout parameter to ssh.connect when supported by installed paramiko version. This will prevent \u0027Authentication timeout\u0027 errors when a slow authentication step (\u003e30s) happens with a host (https://github.com/ansible/ansible/issues/42596)\n * purefa_facts and purefb_facts now correctly adds facts into main ansible_fact dictionary (https://github.com/ansible/ansible/pull/50349)\n * reboot - add appropriate commands to make the plugin work with VMware ESXi (https://github.com/ansible/ansible/issues/48425)\n * reboot - add support for rebooting AIX (https://github.com/ansible/ansible/issues/49712)\n * reboot - gather distribution information in order to support Alpine and other distributions (https://github.com/ansible/ansible/issues/46723)\n * reboot - search common paths for the shutdown command and use the full path to the binary rather than depending on the PATH of the remote system (https://github.com/ansible/ansible/issues/47131)\n * reboot - use a common set of commands for older and newer Solaris and SunOS variants (https://github.com/ansible/ansible/pull/48986)\n * redfish_utils - fix reference to local variable \u0027systems_service\u0027\n * setup - fix the rounding of the ansible_memtotal_mb value on VMWare vm\u0027s (https://github.com/ansible/ansible/issues/49608)\n * vultr_server - fixed multiple ssh keys were not handled.\n * win_copy - Fix copy of a dir that contains an empty directory - https://github.com/ansible/ansible/issues/50077\n * win_firewall_rule - Remove invalid \u0027bypass\u0027 action\n * win_lineinfile - Fix issue where a malformed json block was returned causing an error\n * win_updates - Correctly report changes on success\n\n- update to version 2.7.5\n * ACME modules: improve error messages in some cases (include error returned by server).\n * Added unit test for VMware module_utils.\n * Also check stdout for interpreter errors for more intelligent messages to user\n * Backported support for Devuan-based distribution\n * Convert hostvars data in OpenShift inventory plugin to be serializable by ansible-inventory\n * Fix AttributeError (Python 3 only) when an exception occurs while rendering a template\n * Fix N3K power supply facts (https://github.com/ansible/ansible/pull/49150).\n * Fix NameError nxos_facts (https://github.com/ansible/ansible/pull/48981).\n * Fix VMware module utils for self usage.\n * Fix error in OpenShift inventory plugin when a pod has errored and is empty\n * Fix if the route table changed to none (https://github.com/ansible/ansible/pull/49533)\n * Fix iosxr netconf plugin response namespace (https://github.com/ansible/ansible/pull/49300)\n * Fix issues with nxos_install_os module for nxapi (https://github.com/ansible/ansible/pull/48811).\n * Fix lldp and cdp neighbors information (https://github.com/ansible/ansible/pull/48318)(https://github.com/ansible/ansible/pull/48087)(https://github.com/ansible/ansible/pull/49024).\n * Fix nxos_interface and nxos_linkagg Idempotence issue (https://github.com/ansible/ansible/pull/46437).\n * Fix traceback when updating facts and the fact cache plugin was nonfunctional\n * Fix using vault encrypted data with jinja2_native (https://github.com/ansible/ansible/issues/48950)\n * Fixed: Make sure that the files excluded when extracting the archive are not checked. https://github.com/ansible/ansible/pull/45122\n * Fixes issue where a password parameter was not set to no_log\n * aci_rest - Fix issue ignoring custom port\n * acme_account, acme_account_facts - in some cases, it could happen that the modules return information on disabled accounts accidentally returned by the ACME server.\n * docker_swarm - decreased minimal required API version from 1.35 to 1.25; some features require API version 1.30 though.\n * docker_swarm_service: fails because of default \u0027user: root\u0027 (https://github.com/ansible/ansible/issues/49199)\n * ec2_metadata_facts - Parse IAM role name from the security credential field since the instance profile name is different\n * fix azure_rm_image module use positional parameter (https://github.com/ansible/ansible/pull/49394)\n * fixes an issue with dict_merge in network utils (https://github.com/ansible/ansible/pull/49474)\n * gcp_utils - fix google auth scoping issue with application default credentials or google cloud engine credentials. Only scope credentials that can be scoped.\n * mail - fix python 2.7 regression\n * openstack - fix parameter handling when cloud provided as dict https://github.com/ansible/ansible/issues/42858\n * os_user - Include domain parameter in user deletion https://github.com/ansible/ansible/issues/42901\n * os_user - Include domain parameter in user lookup https://github.com/ansible/ansible/issues/42901\n * ovirt_storage_connection - comparing passwords breaks idempotency in update_check (https://github.com/ansible/ansible/issues/48933)\n * paramiko_ssh - improve log message to state the connection type\n * reboot - use IndexError instead of TypeError in exception\n * redis cache - Support version 3 of the redis python library (https://github.com/ansible/ansible/issues/49341)\n * sensu_silence - Cast int for expire field to avoid call failure to sensu API.\n * vmware_host_service_facts - handle exception when service package does not have package name.\n * win_nssm - Switched to Argv-ToString for escaping NSSM credentials (https://github.com/ansible/ansible/issues/48728)\n * zabbix_hostmacro - Added missing validate_certs logic for running module against Zabbix servers with untrused SSL certificates (https://github.com/ansible/ansible/issues/47611)\n * zabbix_hostmacro - Fixed support for user macros with context (https://github.com/ansible/ansible/issues/46953)\n\n- update to version 2.7.4\n * powershell - add lib/ansible/executor/powershell to the packaging data\n\n- update to version 2.7.3\n * Fix the issue that FTD HTTP API retries authentication-related HTTP requests\n * Fix the issue that module fails when the Swagger model does not have required fields\n * Fix the issue with comparing string-like objects\n * Fix using omit on play keywords\n * apt_key - Disable TTY requirement in GnuPG for the module to work correctly \n\twhen SSH pipelining is enabled\n * better error message when bad type in config, deal with EVNAR= more gracefully\n * configuration retrieval would fail on non primed plugins\n * cs_template - Fixed a KeyError on state=extracted\n * docker_container - fix idempotency problems with docker-py caused by previous\n\tinit idempotency fix\n * docker_container - fix interplay of docker-py version check with argument_spec\n\tvalidation improvements\n * docker_network - driver_options containing Python booleans would cause Docker\n to throw exceptions\n * ec2_group - Fix comparison of determining which rules to purge by ignoring descriptions\n * pip module - fix setuptools/distutils replacement\n * sysvinit - enabling a service should use \u0027defaults\u0027 if no runlevels are specified\n\n- update to version 2.7.2\n * Minor changes\n\n- update to 2.7.1\n * Minor changes\n\n- update to 2.7.0\n * Allow config to enable native jinja types\n * Remove support for simplejson\n * yum and dnf modules now at feature parity\n * Security Fix - avoid loading host/group vars from cwd when not specifying a playbook or playbook base dir\n * Security Fix - avoid using ansible.cfg in a world writable dir\n * Some connection exception would cause no_log specified on a task to be ignored (stdout info disclosure)\n * Fix glob path of rc.d (SUSE-specific)\n * Fix lambda_policy updates\n * Fix alt linux detection/matching\n\n- update to 2.6.4\n * Add md5sum check in nxos_file_copy module\n * Allow arbitrary log_driver for docker_container\n * Fix Python2.6 regex bug terminal plugin nxos, iosxr\n * Fix check_mode in nxos_static_route module\n * Fix glob path of rc.d Some distribtuions like SUSE has the rc%.d\n directories under /etc/init.d\n * Fix network config diff issue for lines \n * Fixed an issue where ansible_facts.pkg_mgr would incorrectly set \n to zypper on Debian/Ubuntu systems that happened to have the \n command installed\n * The docker_* modules respect the DOCKER_* environment variables again\n * The fix for CVE-2018-10875 prints out a warning message about \n skipping a config file from a world writable current working directory.\n However, if the user is in a world writable current working directory \n which does not contain a config file, it should not print a warning \n message. This release fixes that extaneous warning.\n * To resolve nios_network issue where vendor-encapsulated-options \n can not have a use_option flag.\n * To resolve the issue of handling exception for Nios lookup gracefully.\n * always correctly template no log for tasks\n * ansible-galaxy - properly list all roles in roles_path\n * basic.py - catch ValueError in case a FIPS enabled platform \n raises this exception\n * docker_container: fixing working_dir idempotency problem \n * docker_container: makes unit parsing for memory sizes more consistent, \n and fixes idempotency problem when kernel_memory is set\n * fix example code for AWS lightsail documentation\n * fix the enable_snat parameter that is only supposed to be used by \n an user with the right policies.\n * fixes docker_container check and debug mode\n * improves docker_container idempotency\n * ios_l2_interface - fix bug when list of vlans ends with comma\n * ios_l2_interface - fix issue with certain interface types\n * ios_user - fix unable to delete user admin issue \n * ios_vlan - fix unable to work on certain interface types issue \n * nxos_facts test lldp feature and fix nxapi check_rc \n * nxos_interface port-channel idempotence fix for mode\n * nxos_linkagg mode fix \n * nxos_system idempotence fix\n * nxos_vlan refactor to support non structured output\n * one_host - fixes settings via environment variables\n * use retry_json nxos_banner\n * user - Strip trailing comments in /etc/default/passwd \n * user - when creating a new user without an expiration date, \n properly set no expiration rather that expirining the account\n * win_domain_computer - fixed deletion of computer active directory \n object that have dependent objects\n * win_domain_computer - fixed error in diff_support\n * win_domain_computer - fixed error when description parameter is empty \n * win_psexec - changed code to not escape the command option when building the args\n * win_uri -- Fix support for JSON output when charset is set\n * win_wait_for - fix issue where timeout doesn\u0027t wait unless state=drained\n\n- update to 2.6.3\n * Fix lxd module to be idempotent when the given configuration for\n\tthe lxd container has not changed\n * Fix setting value type to str to avoid conversion during template\n\tread. Fix Idempotency in case of \u0027no key\u0027.\n * Fix the mount module\u0027s handling of swap entries in fstab\n * The fix for (CVE-2018-10875) prints out a warning message about\n\tskipping a config file from a world writable current working\n\tdirectory. However, if the user explicitly specifies that the \n\tconfig file should be used via the ANSIBLE_CONFIG environment\n\tvariable then Ansible would honor that but still print out the\n\twarning message. This has been fixed so that Ansible honors the\n\tuser\u0027s explicit wishes and does not print a warning message in\n\tthat circumstance.\n * To fix the bug where existing host_record was deleted when existing\n\trecord name is used with different IP.\n * VMware handle pnic in proxyswitch\n * fix azure security group cannot add rules when purge_rule set to false.\n * fix azure_rm_deployment collect tags from existing Resource Group.\n * fix azure_rm_loadbalancer_facts list takes at least 2 arguments.\n * fix for the bundled selectors module (used in the ssh and local \n\tconnection plugins) when a syscall is restarted after being \n\tinterrupted by a signal\n * get_url - fix the bug that get_url does not change mode when checksum matches\n * nicer error when multiprocessing breaks\n * openssl_certificate - Convert valid_date to bytes for conversion\n * openstack_inventory.py dynamic inventory file fixed the plugin to the \n\tscript so that it will work with current ansible-inventory. Also \n redirect stdout before dumping the ouptput, because not doing so will\n\tcause JSON parse errors in some cases.\n * slack callback - Fix invocation by looking up data from cli.options\n * sysvinit module: handle values of optional parameters. Don\u0027t disable \n\tservice when enabled parameter isn\u0027t set. Fix command when arguments \n\tparameter isn\u0027t set.\n * vars_prompt - properly template play level variables in vars_prompt\n * win_domain - ensure the Netlogon service is up and running after \n\tpromoting host to controller\n * win_domain_controller - ensure the Netlogon service is up and running\n\tafter promoting host to controller\n\n- update to 2.6.2\n + Add text output along with structured output in nxos_facts \n + Allow more than one page of results by using the right pagination \n indicator (\u0027NextMarker\u0027 instead of \u0027NextToken\u0027).\n + Fix an atomic_move error that is \u0027true\u0027, but misleading. \n Now we show all 3 files involved and clarify what happened.\n + Fix eos_l2_interface eapi.\n + Fix fetching old style facts in junos_facts module\n + Fix get_device_info nxos zero or more whitespace regex\n + Fix nxos CI failures\n + Fix nxos_nxapi default http behavior\n + Fix nxos_vxlan_vtep_vni\n + Fix regex network_os_platform nxos\n + Refactor nxos cliconf get_device_info for non structured \n output supported devices\n + To fix the NoneType error raised in ios_l2_interface when \n Access Mode VLAN is unassigned\n + emtpy host/group name is an error\n + fix default SSL version for docker modules\n + fix mail module when using starttls\n + fix nmap config example\n + fix ps detection of service\n + fix the remote tmp folder permissions issue when becoming a non \n admin user\n + fix typoe in sysvinit that breaks update.rc-d detection\n + fixes docker_container compatibilty with docker-py \u003c 2.2\n + get_capabilities in nxapi module_utils should not return empty dictionary\n + inventory - When using an inventory directory, ensure extension \n comparison uses text types\n + ios_vlan - fix unable to identify correct vlans issue\n + nxos_facts warning message improved\n + openvswitch_db - make \u0027key\u0027 argument optional\n + pause - do not set stdout to raw mode when redirecting to a file\n + pause - nest try except when importing curses to gracefully fail \n if curses is not present\n + plugins/inventory/openstack.py - Do not create group with empty \n name if region is not set\n + preseve delegation info on nolog\n + remove ambiguity when it comes to \u0027the source\u0027\n + remove dupes from var precedence\n + restores filtering out conflicting facts\n + user - fix bug that resulted in module always reporting a change when \n specifiying the home directory on FreeBSD\n + user - use correct attribute name in FreeBSD for creat_home\n + vultr - Do not fail trying to load configuration from ini files if \n required variables have been set as environment variables.\n + vyos_command correcting conditionals looping\n + win_chocolatey - enable TLSv1.2 support when downloading the \n Chocolatey installer \n + win_reboot - fix for handling an already scheduled reboot and other \n minor log formatting issues\n + win_reboot - fix issue when overridding connection timeout hung \n the post reboot uptime check\n + win_reboot - handle post reboots when running test_command \n + win_security_policy - allows an empty string to reset a policy value\n + win_share - discard any cmdlet output we don\u0027t use to ensure only the \n return json is received by Ansible\n + win_unzip - discard any cmdlet output we don\u0027t use to ensure only the \n return json is received by Ansible\n + win_updates - fixed module return value is lost in error in some cases\n + win_user - Use LogonUser to validate the password as it does not \n rely on SMB/RPC to be available\n + Security Fix - avoid loading host/group vars from cwd when not \n specifying a playbook or playbook base dir\n + Security Fix - avoid using ansible.cfg in a world writable dir.\n + Fix junos_config confirm commit timeout issue \n (https://github.com/ansible/ansible/pull/41527)\n + file module - The touch subcommand had its diff output broken during\n the 2.6.x development cycle. This is now fixed.\n + inventory manager - This fixes required options being populated before \n the inventory config file is read, so the required options may be \n set in the config file.\n + nsupdate - allow hmac-sha384 https://github.com/ansible/ansible/pull/42209\n + win_domain - fixes typo in one of the AD cmdlets \n https://github.com/ansible/ansible/issues/41536\n + win_group_membership - uses the internal Ansible SID conversion logic \n and uses that when comparing group membership instead of the name \n- use fdupes to save some space in python_sitelib\n- define BuildRoot on older distributions like SLE-11\n- be a bit more flexible with the ending of manpage files to allow\n Fedora builds to succeed\n\n- updated to latest release 2.6.0 \n\n- New Plugins:\n + Callback: \n - cgroup_memory_recap\n - grafana_annotations\n - sumologic\n + Connection:\n - httpapi\n + Inventory:\n - foreman\n - gcp_compute\n - generator\n - nmap\n + Lookup:\n - onepassword\n - onepassword_raw\n- Modules updates too many to mention here\n please look at package documentation directory (/usr/share/doc/packages/.../changelogs)\n- bug fixes:\n - **Security Fix** - Some connection exceptions would cause no_log\n specified on a task to be ignored. If this happened, the task information,\n including any private information coul d have been displayed to stdout and\n (if enabled, not the default) logged to a log file specified in\n ansible.cfg\u0027s log_path. Additionally, sites which redirected stdout from\n ansible runs to a log file may have stored that private information onto\n disk that way as well. (https://github.com/ansible/ansible/pull/41414)\n - Changed the admin_users config option to not include \u0027admin\u0027 by default\n as admin is frequently used for a non-privileged account\n (https://github.com/ansible/ansible/pull/41164)\n - Changed the output to \u0027text\u0027 for \u0027show vrf\u0027 command as default \u0027json\u0027\n output format with respect to \u0027eapi\u0027 transport was failing\n (https://github.com/ansible/ansible/pull/41470)\n - Document mode=preserve for both the copy and template module\n - Fix added for Digital Ocean Volumes API change causing Ansible to\n recieve an unexpected value in the response. \n (https://github.com/ansible/ansible/pull/41431)\n - Fix an encoding issue when parsing the examples from a plugins\u0027\n documentation\n - Fix iosxr_config module to handle route-policy, community-set,\n prefix-set, as-path-set and rd-set blocks. All these blocks are part of\n route-policy language of iosxr.\n - Fix mode=preserve with remote_src=True for the copy module\n - Implement mode=preserve for the template module\n - The yaml callback plugin now allows non-ascii characters to be\n displayed.\n - Various grafana_* modules - Port away from the deprecated\n b64encodestring function to the b64encode function instead. \n https://github.com/ansible/ansible/pull/38388\n - added missing \u0027raise\u0027 to exception definition\n https://github.com/ansible/ansible/pull/41690\n - allow custom endpoints to be used in the aws_s3 module\n (https://github.com/ansible/ansible/pull/36832)\n - allow set_options to be called multiple times\n https://github.com/ansible/ansible/pull/41913\n - ansible-doc - fixed traceback on missing plugins\n (https://github.com/ansible/ansible/pull/41167)\n - cast the device_mapping volume size to an int in the ec2_ami module\n (https://github.com/ansible/ansible/pull/40938)\n - copy - fixed copy to only follow symlinks for files in the non-recursive case\n - copy module - The copy module was attempting to change the mode of files\n for remote_src=True even if mode was not set as a parameter. This\n failed on filesystems which do not have permission bits\n (https://github.com/ansible/ansible/pull/40099)\n - copy module - fixed recursive copy with relative paths\n (https://github.com/ansible/ansible/pull/40166)\n - correct debug display for all cases\n https://github.com/ansible/ansible/pull/41331\n - correctly check hostvars for vars term\n https://github.com/ansible/ansible/pull/41819\n - correctly handle yaml inventory files when entries are null dicts\n https://github.com/ansible/ansible/issues/41692\n - dynamic includes - Allow inheriting attributes from static parents\n (https://github.com/ansible/ansible/pull/38827)\n - dynamic includes - Don\u0027t treat undefined vars for conditional includes\n as truthy (https://github.com/ansible/ansible/pull/39377)\n - dynamic includes - Fix IncludedFile comparison for free strategy\n (https://github.com/ansible/ansible/pull/37083)\n - dynamic includes - Improved performance by fixing re-parenting on copy\n (https://github.com/ansible/ansible/pull/38747)\n - dynamic includes - Use the copied and merged task for calculating task\n vars (https://github.com/ansible/ansible/pull/39762)\n - file - fixed the default follow behaviour of file to be true\n - file module - Eliminate an error if we\u0027re asked to remove a file but\n something removes it while we are processing the request\n (https://github.com/ansible/ansible/pull/39466)\n - file module - Fix error when recursively assigning permissions and a\n symlink to a nonexistent file is present in the directory tree\n (https://github.com/ansible/ansible/issues/39456)\n - file module - Fix error when running a task which assures a symlink to a\n nonexistent file exists for the second and subsequent times\n (https://github.com/ansible/ansible/issues/39558)\n - file module - The file module allowed the user to specify src as a\n parameter when state was not link or hard. This is documented as only\n applying to state=link or state=hard but in previous Ansible, this could\n have an effect in rare cornercases. For instance, \u0027ansible -m file -a\n \u0027state=directory path=/tmp src=/var/lib\u0027\u0027 would create /tmp/lib. This\n has been disabled and a warning emitted (will change to an error in\n Ansible-2.10).\n - file module - The touch subcommand had its diff output broken during the\n 2.6.x development cycle. This is now fixed\n (https://github.com/ansible/ansible/issues/41755)\n - fix BotoCoreError exception handling\n - fix apt-mark on debian6 (https://github.com/ansible/ansible/pull/41530)\n - fix async for the aws_s3 module by adding async support to the action\n plugin (https://github.com/ansible/ansible/pull/40826)\n - fix decrypting vault files for the aws_s3 module\n (https://github.com/ansible/ansible/pull/39634)\n - fix errors with S3-compatible APIs if they cannot use ACLs for buckets\n or objects\n - fix permission handling to try to download a file even if the user does\n not have permission to list all objects in the bucket\n - fixed config required handling, specifically for _terms in lookups\n https://github.com/ansible/ansible/pull/41740\n - gce_net - Fix sorting of allowed ports\n (https://github.com/ansible/ansible/pull/41567)\n - group_by - support implicit localhost\n (https://github.com/ansible/ansible/pull/41860)\n - import/include - Ensure role handlers have the proper parent, allowing\n for correct attribute inheritance\n (https://github.com/ansible/ansible/pull/39426)\n - import_playbook - Pass vars applied to import_playbook into parsing of\n the playbook as they may be needed to parse the imported plays\n (https://github.com/ansible/ansible/pull/39521)\n - include_role/import_role - Don\u0027t overwrite included role handlers with\n play handlers on parse (https://github.com/ansible/ansible/pull/39563)\n - include_role/import_role - Fix parameter templating\n (https://github.com/ansible/ansible/pull/36372)\n - include_role/import_role - Use the computed role name for\n include_role/import_role so to diffentiate between names computed from\n host vars (https://github.com/ansible/ansible/pull/39516)-\n include_role/import_role - improved performance and recursion depth\n (https://github.com/ansible/ansible/pull/36470)\n - lineinfile - fix insertbefore when used with BOF to not insert duplicate\n lines (https://github.com/ansible/ansible/issues/38219)\n - password lookup - Do not load password lookup in network filters,\n allowing the password lookup to be overriden\n (https://github.com/ansible/ansible/pull/41907)\n - pause - ensure ctrl+c interrupt works in all cases\n (https://github.com/ansible/ansible/issues/35372)\n - powershell - use the tmpdir set by `remote_tmp` for become/async tasks\n instead of the generic $env:TEMP -\n https://github.com/ansible/ansible/pull/40210\n - selinux - correct check mode behavior to report same changes as normal\n mode (https://github.com/ansible/ansible/pull/40721)\n - spwd - With python 3.6 spwd.getspnam returns PermissionError instead of\n KeyError if user does not have privileges\n (https://github.com/ansible/ansible/issues/39472)\n - synchronize - Ensure the local connection created by synchronize uses\n _remote_is_local=True, which causes ActionBase to build a local tmpdir\n (https://github.com/ansible/ansible/pull/40833)\n - template - Fix for encoding issues when a template path contains\n non-ascii characters and using the template path in ansible_managed\n (https://github.com/ansible/ansible/issues/27262)\n - template action plugin - fix the encoding of filenames to avoid\n tracebacks on Python2 when characters that are not present in the user\u0027s\n locale are present. (https://github.com/ansible/ansible/pull/39424)\n - user - only change the expiration time when necessary\n (https://github.com/ansible/ansible/issues/13235)\n - uses correct conn info for reset_connection\n https://github.com/ansible/ansible/issues/27520\n - win_environment - Fix for issue where the environment value was deleted\n when a null value or empty string was set -\n https://github.com/ansible/ansible/issues/40450\n - win_file - fix issue where special chars like [ and ] were not being\n handled correctly https://github.com/ansible/ansible/pull/37901\n - win_get_url - fixed a few bugs around authentication and force no when\n using an FTP URL\n - win_iis_webapppool - redirect some module output to null so Ansible can\n read the output JSON https://github.com/ansible/ansible/issues/40874\n - win_template - fix when specifying the dest option as a directory with\n and without the trailing slash\n https://github.com/ansible/ansible/issues/39886\n - win_updates - Added the ability to run on a scheduled task for older\n hosts so async starts working again -\n https://github.com/ansible/ansible/issues/38364\n - win_updates - Fix logic when using a whitelist for multiple updates\n - win_updates - Fix typo that hid the download error when a download\n failed\n - win_updates - Fixed issue where running win_updates on async fails\n without any error\n - windows become - Show better error messages when the become process fails\n - winrm - Add better error handling when the kinit process fails\n - winrm - allow `ansible_user` or `ansible_winrm_user` to override\n `ansible_ssh_user` when both are defined in an inventory -\n https://github.com/ansible/ansible/issues/39844\n - winrm - ensure pexpect is set to not echo the input on a failure and have\n a manual sanity check afterwards\n https://github.com/ansible/ansible/issues/41865\n - winrm connection plugin - Fix exception messages sometimes raising a\n traceback when the winrm connection plugin encounters an unrecoverable\n error. https://github.com/ansible/ansible/pull/39333\n - xenserver_facts - ensure module works with newer versions of XenServer\n (https://github.com/ansible/ansible/pull/35821)\n\n- use python3 on (open)SUSE 15 or newer\n\n- Update to 2.5.5\n - Changed the admin_users config option to not include \u0027admin\u0027 by default\n as admin is frequently used for a non-privileged account\n - aws_s3 - add async support to the action plugin\n - aws_s3 - fix decrypting vault files\n - ec2_ami - cast the device_mapping volume size to an int\n - eos_logging - fix idempotency issues\n - cache plugins - A cache timeout of 0 means the cache will not expire.\n - ios_logging - fix idempotency issues\n - ios/nxos/eos_config - don\u0027t retrieve config in running_config when config is provided for diff\n - nxos_banner - fix multiline banner issue\n - nxos terminal plugin - fix output truncation\n - nxos_l3_interface - fix no switchport issue with loopback and svi interfaces\n - nxos_snapshot - fix compare_option\n\n- update to 2.2.3.0 (boo#1056094)\n * Various minor bug fixes",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-238",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_0238-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:0238-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FH47JG2364DS3RXEQACFFT4VQTRTO2I6/#FH47JG2364DS3RXEQACFFT4VQTRTO2I6"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:0238-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FH47JG2364DS3RXEQACFFT4VQTRTO2I6/#FH47JG2364DS3RXEQACFFT4VQTRTO2I6"
},
{
"category": "self",
"summary": "SUSE Bug 1056094",
"url": "https://bugzilla.suse.com/1056094"
},
{
"category": "self",
"summary": "SUSE Bug 1097775",
"url": "https://bugzilla.suse.com/1097775"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7466 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7466/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7481 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7481/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10855 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10855/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10875 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16859 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16859/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16876 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16876/"
}
],
"title": "Security update for ansible",
"tracking": {
"current_release_date": "2019-02-23T08:23:03Z",
"generator": {
"date": "2019-02-23T08:23:03Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:0238-1",
"initial_release_date": "2019-02-23T08:23:03Z",
"revision_history": [
{
"date": "2019-02-23T08:23:03Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ansible-2.7.6-bp150.3.3.1.noarch",
"product": {
"name": "ansible-2.7.6-bp150.3.3.1.noarch",
"product_id": "ansible-2.7.6-bp150.3.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15",
"product": {
"name": "SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-2.7.6-bp150.3.3.1.noarch as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:ansible-2.7.6-bp150.3.3.1.noarch"
},
"product_reference": "ansible-2.7.6-bp150.3.3.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-7466",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7466"
}
],
"notes": [
{
"category": "general",
"text": "Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:ansible-2.7.6-bp150.3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7466",
"url": "https://www.suse.com/security/cve/CVE-2017-7466"
},
{
"category": "external",
"summary": "SUSE Bug 1019021 for CVE-2017-7466",
"url": "https://bugzilla.suse.com/1019021"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:ansible-2.7.6-bp150.3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15:ansible-2.7.6-bp150.3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-23T08:23:03Z",
"details": "important"
}
],
"title": "CVE-2017-7466"
},
{
"cve": "CVE-2017-7481",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7481"
}
],
"notes": [
{
"category": "general",
"text": "Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as \u0027unsafe\u0027 and is not evaluated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:ansible-2.7.6-bp150.3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7481",
"url": "https://www.suse.com/security/cve/CVE-2017-7481"
},
{
"category": "external",
"summary": "SUSE Bug 1038785 for CVE-2017-7481",
"url": "https://bugzilla.suse.com/1038785"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:ansible-2.7.6-bp150.3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15:ansible-2.7.6-bp150.3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-23T08:23:03Z",
"details": "moderate"
}
],
"title": "CVE-2017-7481"
},
{
"cve": "CVE-2018-10855",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10855"
}
],
"notes": [
{
"category": "general",
"text": "Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:ansible-2.7.6-bp150.3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10855",
"url": "https://www.suse.com/security/cve/CVE-2018-10855"
},
{
"category": "external",
"summary": "SUSE Bug 1097775 for CVE-2018-10855",
"url": "https://bugzilla.suse.com/1097775"
},
{
"category": "external",
"summary": "SUSE Bug 1099808 for CVE-2018-10855",
"url": "https://bugzilla.suse.com/1099808"
},
{
"category": "external",
"summary": "SUSE Bug 1109957 for CVE-2018-10855",
"url": "https://bugzilla.suse.com/1109957"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:ansible-2.7.6-bp150.3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15:ansible-2.7.6-bp150.3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-23T08:23:03Z",
"details": "moderate"
}
],
"title": "CVE-2018-10855"
},
{
"cve": "CVE-2018-10875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10875"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:ansible-2.7.6-bp150.3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10875",
"url": "https://www.suse.com/security/cve/CVE-2018-10875"
},
{
"category": "external",
"summary": "SUSE Bug 1099808 for CVE-2018-10875",
"url": "https://bugzilla.suse.com/1099808"
},
{
"category": "external",
"summary": "SUSE Bug 1109957 for CVE-2018-10875",
"url": "https://bugzilla.suse.com/1109957"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:ansible-2.7.6-bp150.3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15:ansible-2.7.6-bp150.3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-23T08:23:03Z",
"details": "important"
}
],
"title": "CVE-2018-10875"
},
{
"cve": "CVE-2018-16859",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16859"
}
],
"notes": [
{
"category": "general",
"text": "Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for \u0027become\u0027 passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the plaintext password. Ansible Engine 2.8 and older are believed to be vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:ansible-2.7.6-bp150.3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16859",
"url": "https://www.suse.com/security/cve/CVE-2018-16859"
},
{
"category": "external",
"summary": "SUSE Bug 1109957 for CVE-2018-16859",
"url": "https://bugzilla.suse.com/1109957"
},
{
"category": "external",
"summary": "SUSE Bug 1116587 for CVE-2018-16859",
"url": "https://bugzilla.suse.com/1116587"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:ansible-2.7.6-bp150.3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15:ansible-2.7.6-bp150.3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-23T08:23:03Z",
"details": "moderate"
}
],
"title": "CVE-2018-16859"
},
{
"cve": "CVE-2018-16876",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16876"
}
],
"notes": [
{
"category": "general",
"text": "ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:ansible-2.7.6-bp150.3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16876",
"url": "https://www.suse.com/security/cve/CVE-2018-16876"
},
{
"category": "external",
"summary": "SUSE Bug 1109957 for CVE-2018-16876",
"url": "https://bugzilla.suse.com/1109957"
},
{
"category": "external",
"summary": "SUSE Bug 1118896 for CVE-2018-16876",
"url": "https://bugzilla.suse.com/1118896"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:ansible-2.7.6-bp150.3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15:ansible-2.7.6-bp150.3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-23T08:23:03Z",
"details": "low"
}
],
"title": "CVE-2018-16876"
}
]
}
OPENSUSE-SU-2025:15605-1
Vulnerability from csaf_opensuse - Published: 2025-10-08 00:00 - Updated: 2025-10-08 00:00Summary
ansible-11-11.11.0-1.1 on GA media
Notes
Title of the patch
ansible-11-11.11.0-1.1 on GA media
Description of the patch
These are all security issues fixed in the ansible-11-11.11.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-15605
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "ansible-11-11.11.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the ansible-11-11.11.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15605",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15605-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-4966 page",
"url": "https://www.suse.com/security/cve/CVE-2014-4966/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-4967 page",
"url": "https://www.suse.com/security/cve/CVE-2014-4967/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-3908 page",
"url": "https://www.suse.com/security/cve/CVE-2015-3908/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3096 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3096/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9587 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9587/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7466 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7466/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7481 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7481/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7550 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7550/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10855 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10855/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10875 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16837 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16837/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16859 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16859/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16876 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16876/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-10156 page",
"url": "https://www.suse.com/security/cve/CVE-2019-10156/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-10206 page",
"url": "https://www.suse.com/security/cve/CVE-2019-10206/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-10217 page",
"url": "https://www.suse.com/security/cve/CVE-2019-10217/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14846 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14846/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14856 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14856/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14858 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14858/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14864 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14864/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14904 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14904/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14905 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14905/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-3828 page",
"url": "https://www.suse.com/security/cve/CVE-2019-3828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10684 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10684/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10685 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10685/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10691 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10691/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10729 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10729/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14330 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14330/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14332 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14332/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1733 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1734 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1734/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1735 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1735/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1736 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1736/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1737 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1737/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1738 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1738/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1739 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1739/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1740 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1740/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1744 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1744/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1746 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1746/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1753 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1753/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-20178 page",
"url": "https://www.suse.com/security/cve/CVE-2021-20178/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-20180 page",
"url": "https://www.suse.com/security/cve/CVE-2021-20180/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-20191 page",
"url": "https://www.suse.com/security/cve/CVE-2021-20191/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-20228 page",
"url": "https://www.suse.com/security/cve/CVE-2021-20228/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3583 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3583/"
}
],
"title": "ansible-11-11.11.0-1.1 on GA media",
"tracking": {
"current_release_date": "2025-10-08T00:00:00Z",
"generator": {
"date": "2025-10-08T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15605-1",
"initial_release_date": "2025-10-08T00:00:00Z",
"revision_history": [
{
"date": "2025-10-08T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ansible-11-11.11.0-1.1.aarch64",
"product": {
"name": "ansible-11-11.11.0-1.1.aarch64",
"product_id": "ansible-11-11.11.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-11-11.11.0-1.1.ppc64le",
"product": {
"name": "ansible-11-11.11.0-1.1.ppc64le",
"product_id": "ansible-11-11.11.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-11-11.11.0-1.1.s390x",
"product": {
"name": "ansible-11-11.11.0-1.1.s390x",
"product_id": "ansible-11-11.11.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-11-11.11.0-1.1.x86_64",
"product": {
"name": "ansible-11-11.11.0-1.1.x86_64",
"product_id": "ansible-11-11.11.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-11-11.11.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64"
},
"product_reference": "ansible-11-11.11.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-11-11.11.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le"
},
"product_reference": "ansible-11-11.11.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-11-11.11.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x"
},
"product_reference": "ansible-11-11.11.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-11-11.11.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
},
"product_reference": "ansible-11-11.11.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-4966",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-4966"
}
],
"notes": [
{
"category": "general",
"text": "Ansible before 1.6.7 does not prevent inventory data with \"{{\" and \"lookup\" substrings, and does not prevent remote data with \"{{\" substrings, which allows remote attackers to execute arbitrary code via (1) crafted lookup(\u0027pipe\u0027) calls or (2) crafted Jinja2 data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-4966",
"url": "https://www.suse.com/security/cve/CVE-2014-4966"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-08T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2014-4966"
},
{
"cve": "CVE-2014-4967",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-4967"
}
],
"notes": [
{
"category": "general",
"text": "Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing \" src=\" clause, (2) a trailing \" temp=\" clause, or (3) a trailing \" validate=\" clause accompanied by a shell command.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-4967",
"url": "https://www.suse.com/security/cve/CVE-2014-4967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-08T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2014-4967"
},
{
"cve": "CVE-2015-3908",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-3908"
}
],
"notes": [
{
"category": "general",
"text": "Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-3908",
"url": "https://www.suse.com/security/cve/CVE-2015-3908"
},
{
"category": "external",
"summary": "SUSE Bug 938161 for CVE-2015-3908",
"url": "https://bugzilla.suse.com/938161"
},
{
"category": "external",
"summary": "SUSE Bug 938399 for CVE-2015-3908",
"url": "https://bugzilla.suse.com/938399"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-08T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2015-3908"
},
{
"cve": "CVE-2016-3096",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3096"
}
],
"notes": [
{
"category": "general",
"text": "The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3096",
"url": "https://www.suse.com/security/cve/CVE-2016-3096"
},
{
"category": "external",
"summary": "SUSE Bug 973546 for CVE-2016-3096",
"url": "https://bugzilla.suse.com/973546"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-08T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-3096"
},
{
"cve": "CVE-2016-9587",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9587"
}
],
"notes": [
{
"category": "general",
"text": "Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible\u0027s handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9587",
"url": "https://www.suse.com/security/cve/CVE-2016-9587"
},
{
"category": "external",
"summary": "SUSE Bug 1019021 for CVE-2016-9587",
"url": "https://bugzilla.suse.com/1019021"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-08T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-9587"
},
{
"cve": "CVE-2017-7466",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7466"
}
],
"notes": [
{
"category": "general",
"text": "Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7466",
"url": "https://www.suse.com/security/cve/CVE-2017-7466"
},
{
"category": "external",
"summary": "SUSE Bug 1019021 for CVE-2017-7466",
"url": "https://bugzilla.suse.com/1019021"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-08T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7466"
},
{
"cve": "CVE-2017-7481",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7481"
}
],
"notes": [
{
"category": "general",
"text": "Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as \u0027unsafe\u0027 and is not evaluated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7481",
"url": "https://www.suse.com/security/cve/CVE-2017-7481"
},
{
"category": "external",
"summary": "SUSE Bug 1038785 for CVE-2017-7481",
"url": "https://bugzilla.suse.com/1038785"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-7481"
},
{
"cve": "CVE-2017-7550",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7550"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host\u0027s logs. This flaw was fixed by not allowing passwords to be specified in the \"params\" argument, and noting this in the module documentation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7550",
"url": "https://www.suse.com/security/cve/CVE-2017-7550"
},
{
"category": "external",
"summary": "SUSE Bug 1035124 for CVE-2017-7550",
"url": "https://bugzilla.suse.com/1035124"
},
{
"category": "external",
"summary": "SUSE Bug 1065872 for CVE-2017-7550",
"url": "https://bugzilla.suse.com/1065872"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-08T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7550"
},
{
"cve": "CVE-2018-10855",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10855"
}
],
"notes": [
{
"category": "general",
"text": "Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10855",
"url": "https://www.suse.com/security/cve/CVE-2018-10855"
},
{
"category": "external",
"summary": "SUSE Bug 1097775 for CVE-2018-10855",
"url": "https://bugzilla.suse.com/1097775"
},
{
"category": "external",
"summary": "SUSE Bug 1099808 for CVE-2018-10855",
"url": "https://bugzilla.suse.com/1099808"
},
{
"category": "external",
"summary": "SUSE Bug 1109957 for CVE-2018-10855",
"url": "https://bugzilla.suse.com/1109957"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-10855"
},
{
"cve": "CVE-2018-10875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10875"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10875",
"url": "https://www.suse.com/security/cve/CVE-2018-10875"
},
{
"category": "external",
"summary": "SUSE Bug 1099808 for CVE-2018-10875",
"url": "https://bugzilla.suse.com/1099808"
},
{
"category": "external",
"summary": "SUSE Bug 1109957 for CVE-2018-10875",
"url": "https://bugzilla.suse.com/1109957"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-08T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-10875"
},
{
"cve": "CVE-2018-16837",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16837"
}
],
"notes": [
{
"category": "general",
"text": "Ansible \"User\" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those credentials in clear text form for every user which have access just to the process list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16837",
"url": "https://www.suse.com/security/cve/CVE-2018-16837"
},
{
"category": "external",
"summary": "SUSE Bug 1112959 for CVE-2018-16837",
"url": "https://bugzilla.suse.com/1112959"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-08T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-16837"
},
{
"cve": "CVE-2018-16859",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16859"
}
],
"notes": [
{
"category": "general",
"text": "Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for \u0027become\u0027 passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the plaintext password. Ansible Engine 2.8 and older are believed to be vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16859",
"url": "https://www.suse.com/security/cve/CVE-2018-16859"
},
{
"category": "external",
"summary": "SUSE Bug 1109957 for CVE-2018-16859",
"url": "https://bugzilla.suse.com/1109957"
},
{
"category": "external",
"summary": "SUSE Bug 1116587 for CVE-2018-16859",
"url": "https://bugzilla.suse.com/1116587"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16859"
},
{
"cve": "CVE-2018-16876",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16876"
}
],
"notes": [
{
"category": "general",
"text": "ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16876",
"url": "https://www.suse.com/security/cve/CVE-2018-16876"
},
{
"category": "external",
"summary": "SUSE Bug 1109957 for CVE-2018-16876",
"url": "https://bugzilla.suse.com/1109957"
},
{
"category": "external",
"summary": "SUSE Bug 1118896 for CVE-2018-16876",
"url": "https://bugzilla.suse.com/1118896"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-08T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2018-16876"
},
{
"cve": "CVE-2019-10156",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-10156"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-10156",
"url": "https://www.suse.com/security/cve/CVE-2019-10156"
},
{
"category": "external",
"summary": "SUSE Bug 1137528 for CVE-2019-10156",
"url": "https://bugzilla.suse.com/1137528"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-10156"
},
{
"cve": "CVE-2019-10206",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-10206"
}
],
"notes": [
{
"category": "general",
"text": "ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-10206",
"url": "https://www.suse.com/security/cve/CVE-2019-10206"
},
{
"category": "external",
"summary": "SUSE Bug 1142690 for CVE-2019-10206",
"url": "https://bugzilla.suse.com/1142690"
},
{
"category": "external",
"summary": "SUSE Bug 1154232 for CVE-2019-10206",
"url": "https://bugzilla.suse.com/1154232"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-10206"
},
{
"cve": "CVE-2019-10217",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-10217"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in ansible 2.8.0 before 2.8.4. Fields managing sensitive data should be set as such by no_log feature. Some of these fields in GCP modules are not set properly. service_account_contents() which is common class for all gcp modules is not setting no_log to True. Any sensitive data managed by that function would be leak as an output when running ansible playbooks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-10217",
"url": "https://www.suse.com/security/cve/CVE-2019-10217"
},
{
"category": "external",
"summary": "SUSE Bug 1144453 for CVE-2019-10217",
"url": "https://bugzilla.suse.com/1144453"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-10217"
},
{
"cve": "CVE-2019-14846",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14846"
}
],
"notes": [
{
"category": "general",
"text": "In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14846",
"url": "https://www.suse.com/security/cve/CVE-2019-14846"
},
{
"category": "external",
"summary": "SUSE Bug 1153452 for CVE-2019-14846",
"url": "https://bugzilla.suse.com/1153452"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-08T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2019-14846"
},
{
"cve": "CVE-2019-14856",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14856"
}
],
"notes": [
{
"category": "general",
"text": "ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14856",
"url": "https://www.suse.com/security/cve/CVE-2019-14856"
},
{
"category": "external",
"summary": "SUSE Bug 1154232 for CVE-2019-14856",
"url": "https://bugzilla.suse.com/1154232"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-08T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2019-14856"
},
{
"cve": "CVE-2019-14858",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14858"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name to the module will cause the task to fail before the no_log options in the sub parameters are processed. As a result, data in the sub parameter fields will not be masked and will be displayed if Ansible is run with increased verbosity and present in the module invocation arguments for the task.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14858",
"url": "https://www.suse.com/security/cve/CVE-2019-14858"
},
{
"category": "external",
"summary": "SUSE Bug 1154231 for CVE-2019-14858",
"url": "https://bugzilla.suse.com/1154231"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-08T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2019-14858"
},
{
"cve": "CVE-2019-14864",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14864"
}
],
"notes": [
{
"category": "general",
"text": "Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14864",
"url": "https://www.suse.com/security/cve/CVE-2019-14864"
},
{
"category": "external",
"summary": "SUSE Bug 1154830 for CVE-2019-14864",
"url": "https://bugzilla.suse.com/1154830"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-14864"
},
{
"cve": "CVE-2019-14904",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14904"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the \u0027ps\u0027 bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14904",
"url": "https://www.suse.com/security/cve/CVE-2019-14904"
},
{
"category": "external",
"summary": "SUSE Bug 1157968 for CVE-2019-14904",
"url": "https://bugzilla.suse.com/1157968"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-08T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-14904"
},
{
"cve": "CVE-2019-14905",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14905"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible\u0027s nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14905",
"url": "https://www.suse.com/security/cve/CVE-2019-14905"
},
{
"category": "external",
"summary": "SUSE Bug 1157969 for CVE-2019-14905",
"url": "https://bugzilla.suse.com/1157969"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-08T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-14905"
},
{
"cve": "CVE-2019-3828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-3828"
}
],
"notes": [
{
"category": "general",
"text": "Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-3828",
"url": "https://www.suse.com/security/cve/CVE-2019-3828"
},
{
"category": "external",
"summary": "SUSE Bug 1126503 for CVE-2019-3828",
"url": "https://bugzilla.suse.com/1126503"
},
{
"category": "external",
"summary": "SUSE Bug 1164137 for CVE-2019-3828",
"url": "https://bugzilla.suse.com/1164137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-08T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2019-3828"
},
{
"cve": "CVE-2020-10684",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10684"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker could take advantage of this by altering the ansible_facts, such as ansible_hosts, users and any other key data which would lead into privilege escalation or code injection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10684",
"url": "https://www.suse.com/security/cve/CVE-2020-10684"
},
{
"category": "external",
"summary": "SUSE Bug 1167532 for CVE-2020-10684",
"url": "https://bugzilla.suse.com/1167532"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-08T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-10684"
},
{
"cve": "CVE-2020-10685",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10685"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the s ts unencrypted. On Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decryp emains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted ble.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10685",
"url": "https://www.suse.com/security/cve/CVE-2020-10685"
},
{
"category": "external",
"summary": "SUSE Bug 1167440 for CVE-2020-10685",
"url": "https://bugzilla.suse.com/1167440"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-10685"
},
{
"cve": "CVE-2020-10691",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10691"
}
],
"notes": [
{
"category": "general",
"text": "An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file within the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10691",
"url": "https://www.suse.com/security/cve/CVE-2020-10691"
},
{
"category": "external",
"summary": "SUSE Bug 1167873 for CVE-2020-10691",
"url": "https://bugzilla.suse.com/1167873"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-10691"
},
{
"cve": "CVE-2020-10729",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10729"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords are exposed at once for the file. This flaw affects Ansible Engine versions before 2.9.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10729",
"url": "https://www.suse.com/security/cve/CVE-2020-10729"
},
{
"category": "external",
"summary": "SUSE Bug 1171162 for CVE-2020-10729",
"url": "https://bugzilla.suse.com/1171162"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-10729"
},
{
"cve": "CVE-2020-14330",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14330"
}
],
"notes": [
{
"category": "general",
"text": "An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14330",
"url": "https://www.suse.com/security/cve/CVE-2020-14330"
},
{
"category": "external",
"summary": "SUSE Bug 1174145 for CVE-2020-14330",
"url": "https://bugzilla.suse.com/1174145"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-08T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2020-14330"
},
{
"cve": "CVE-2020-14332",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14332"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14332",
"url": "https://www.suse.com/security/cve/CVE-2020-14332"
},
{
"category": "external",
"summary": "SUSE Bug 1174302 for CVE-2020-14332",
"url": "https://bugzilla.suse.com/1174302"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-14332"
},
{
"cve": "CVE-2020-1733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1733"
}
],
"notes": [
{
"category": "general",
"text": "A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with \"umask 77 \u0026\u0026 mkdir -p \u003cdir\u003e\"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating \u0027/proc/\u003cpid\u003e/cmdline\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1733",
"url": "https://www.suse.com/security/cve/CVE-2020-1733"
},
{
"category": "external",
"summary": "SUSE Bug 1164140 for CVE-2020-1733",
"url": "https://bugzilla.suse.com/1164140"
},
{
"category": "external",
"summary": "SUSE Bug 1171823 for CVE-2020-1733",
"url": "https://bugzilla.suse.com/1171823"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-1733"
},
{
"cve": "CVE-2020-1734",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1734"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1734",
"url": "https://www.suse.com/security/cve/CVE-2020-1734"
},
{
"category": "external",
"summary": "SUSE Bug 1164139 for CVE-2020-1734",
"url": "https://bugzilla.suse.com/1164139"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-08T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-1734"
},
{
"cve": "CVE-2020-1735",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1735"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1735",
"url": "https://www.suse.com/security/cve/CVE-2020-1735"
},
{
"category": "external",
"summary": "SUSE Bug 1164137 for CVE-2020-1735",
"url": "https://bugzilla.suse.com/1164137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-1735"
},
{
"cve": "CVE-2020-1736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1736"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This could lead to the disclosure of sensitive data. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1736",
"url": "https://www.suse.com/security/cve/CVE-2020-1736"
},
{
"category": "external",
"summary": "SUSE Bug 1164134 for CVE-2020-1736",
"url": "https://bugzilla.suse.com/1164134"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.2,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-08T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2020-1736"
},
{
"cve": "CVE-2020-1737",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1737"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal. This issue is fixed in 2.10.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1737",
"url": "https://www.suse.com/security/cve/CVE-2020-1737"
},
{
"category": "external",
"summary": "SUSE Bug 1164138 for CVE-2020-1737",
"url": "https://bugzilla.suse.com/1164138"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-08T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-1737"
},
{
"cve": "CVE-2020-1738",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1738"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Ansible Engine when the module package or service is used and the parameter \u0027use\u0027 is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1738",
"url": "https://www.suse.com/security/cve/CVE-2020-1738"
},
{
"category": "external",
"summary": "SUSE Bug 1164136 for CVE-2020-1738",
"url": "https://bugzilla.suse.com/1164136"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-1738"
},
{
"cve": "CVE-2020-1739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1739"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument \"password\" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1739",
"url": "https://www.suse.com/security/cve/CVE-2020-1739"
},
{
"category": "external",
"summary": "SUSE Bug 1164133 for CVE-2020-1739",
"url": "https://bugzilla.suse.com/1164133"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-1739"
},
{
"cve": "CVE-2020-1740",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1740"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes \"ansible-vault edit\", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1740",
"url": "https://www.suse.com/security/cve/CVE-2020-1740"
},
{
"category": "external",
"summary": "SUSE Bug 1164135 for CVE-2020-1740",
"url": "https://bugzilla.suse.com/1164135"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-08T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2020-1740"
},
{
"cve": "CVE-2020-1744",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1744"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in keycloak before version 9.0.1. When configuring an Conditional OTP Authentication Flow as a post login flow of an IDP, the failure login events for OTP are not being sent to the brute force protection event queue. So BruteForceProtector does not handle this events.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1744",
"url": "https://www.suse.com/security/cve/CVE-2020-1744"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-1744"
},
{
"cve": "CVE-2020-1746",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1746"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1746",
"url": "https://www.suse.com/security/cve/CVE-2020-1746"
},
{
"category": "external",
"summary": "SUSE Bug 1165393 for CVE-2020-1746",
"url": "https://bugzilla.suse.com/1165393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-1746"
},
{
"cve": "CVE-2020-1753",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1753"
}
],
"notes": [
{
"category": "general",
"text": "A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. Sensitive parameters such as passwords and tokens are passed to kubectl from the command line, not using an environment variable or an input configuration file. This will disclose passwords and tokens from process list and no_log directive from debug module would not have any effect making these secrets being disclosed on stdout and log files.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1753",
"url": "https://www.suse.com/security/cve/CVE-2020-1753"
},
{
"category": "external",
"summary": "SUSE Bug 1166389 for CVE-2020-1753",
"url": "https://bugzilla.suse.com/1166389"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-1753"
},
{
"cve": "CVE-2021-20178",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-20178"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-20178",
"url": "https://www.suse.com/security/cve/CVE-2021-20178"
},
{
"category": "external",
"summary": "SUSE Bug 1180816 for CVE-2021-20178",
"url": "https://bugzilla.suse.com/1180816"
},
{
"category": "external",
"summary": "SUSE Bug 1186493 for CVE-2021-20178",
"url": "https://bugzilla.suse.com/1186493"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-20178"
},
{
"cve": "CVE-2021-20180",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-20180"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-20180",
"url": "https://www.suse.com/security/cve/CVE-2021-20180"
},
{
"category": "external",
"summary": "SUSE Bug 1180942 for CVE-2021-20180",
"url": "https://bugzilla.suse.com/1180942"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-20180"
},
{
"cve": "CVE-2021-20191",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-20191"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-20191",
"url": "https://www.suse.com/security/cve/CVE-2021-20191"
},
{
"category": "external",
"summary": "SUSE Bug 1181119 for CVE-2021-20191",
"url": "https://bugzilla.suse.com/1181119"
},
{
"category": "external",
"summary": "SUSE Bug 1181935 for CVE-2021-20191",
"url": "https://bugzilla.suse.com/1181935"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-20191"
},
{
"cve": "CVE-2021-20228",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-20228"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-20228",
"url": "https://www.suse.com/security/cve/CVE-2021-20228"
},
{
"category": "external",
"summary": "SUSE Bug 1181935 for CVE-2021-20228",
"url": "https://bugzilla.suse.com/1181935"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-20228"
},
{
"cve": "CVE-2021-3583",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3583"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Ansible, where a user\u0027s controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3583",
"url": "https://www.suse.com/security/cve/CVE-2021-3583"
},
{
"category": "external",
"summary": "SUSE Bug 1188061 for CVE-2021-3583",
"url": "https://bugzilla.suse.com/1188061"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.aarch64",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.s390x",
"openSUSE Tumbleweed:ansible-11-11.11.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-3583"
}
]
}
FKIE_CVE-2018-10855
Vulnerability from fkie_nvd - Published: 2018-07-03 01:29 - Updated: 2024-11-21 03:42
Severity ?
Summary
Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | ansible_engine | * | |
| redhat | ansible_engine | * | |
| redhat | ansible_engine | 2.0 | |
| redhat | cloudforms | 4.6 | |
| redhat | openstack | 13 | |
| redhat | virtualization | 4.0 | |
| debian | debian_linux | 9.0 | |
| redhat | openstack | 10 | |
| redhat | openstack | 12 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 19.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:ansible_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B1CF308-19C7-4007-A72F-44F68C36B22A",
"versionEndExcluding": "2.4.5",
"versionStartIncluding": "2.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ansible_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "725395D6-82FA-47E1-A88D-F25B576E4B91",
"versionEndIncluding": "2.5.5",
"versionStartExcluding": "2.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ansible_engine:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8989CD03-49A1-4831-BF98-9F21592788BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:cloudforms:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "67F7263F-113D-4BAE-B8CB-86A61531A2AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*",
"matchCriteriaId": "704CFA1A-953E-4105-BFBE-406034B83DED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6BBD7A51-0590-4DDF-8249-5AFA8D645CB6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*",
"matchCriteriaId": "E722FEF7-58A6-47AD-B1D0-DB0B71B0C7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*",
"matchCriteriaId": "4D4AC996-B340-4A14-86F7-FF83B4D5EC8F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible."
},
{
"lang": "es",
"value": "Ansible, en versiones 2.5 anteriores a la 2.5.5 y 2.4 anteriores a la 2.4.5, no cumplen con la marca de tarea no_log para las tareas fallidas. Cuando se ha empleado la marca no_log para proteger datos sensibles que se pasan a una tarea desde que se registra y esa tarea no se ejecuta con \u00e9xito, Ansible mostrar\u00e1 datos sensibles en archivos de registro y en el terminal del usuario que ejecuta Ansible."
}
],
"id": "CVE-2018-10855",
"lastModified": "2024-11-21T03:42:08.980",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "secalert@redhat.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-03T01:29:00.580",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHBA-2018:3788"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1948"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1949"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2022"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2079"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2184"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2585"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0054"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10855"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4072-1/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4396"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHBA-2018:3788"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1948"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1949"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2022"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2079"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2585"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0054"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10855"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4072-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4396"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-JWCC-J78W-J73W
Vulnerability from github – Published: 2018-10-10 17:23 – Updated: 2024-11-18 16:26
VLAI?
Summary
Ansible exposes sensitive data in log files and on the terminal
Details
Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.
Severity ?
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "ansible"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0a1"
},
{
"fixed": "2.5.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "ansible"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0.0"
},
{
"fixed": "2.4.5.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-10855"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:44:13Z",
"nvd_published_at": "2018-07-03T01:29:00Z",
"severity": "HIGH"
},
"details": "Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.",
"id": "GHSA-jwcc-j78w-j73w",
"modified": "2024-11-18T16:26:08Z",
"published": "2018-10-10T17:23:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10855"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHBA-2018:3788"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:1948"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:1949"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2022"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2079"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2184"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2585"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:0054"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10855"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-jwcc-j78w-j73w"
},
{
"type": "PACKAGE",
"url": "https://github.com/ansible/ansible"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-42.yaml"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4072-1"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2019/dsa-4396"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Ansible exposes sensitive data in log files and on the terminal"
}
GSD-2018-10855
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-10855",
"description": "Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.",
"id": "GSD-2018-10855",
"references": [
"https://www.suse.com/security/cve/CVE-2018-10855.html",
"https://www.debian.org/security/2019/dsa-4396",
"https://access.redhat.com/errata/RHSA-2019:0054",
"https://access.redhat.com/errata/RHBA-2018:3788",
"https://access.redhat.com/errata/RHSA-2018:2585",
"https://access.redhat.com/errata/RHSA-2018:2184",
"https://access.redhat.com/errata/RHSA-2018:2079",
"https://access.redhat.com/errata/RHSA-2018:2022",
"https://access.redhat.com/errata/RHSA-2018:1949",
"https://access.redhat.com/errata/RHSA-2018:1948",
"https://ubuntu.com/security/CVE-2018-10855",
"https://advisories.mageia.org/CVE-2018-10855.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-10855"
],
"details": "Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.",
"id": "GSD-2018-10855",
"modified": "2023-12-13T01:22:41.077476Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-10855",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ansible",
"version": {
"version_data": [
{
"version_value": "Ansible 2.4.5"
},
{
"version_value": "Ansible 2.5.5"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:1949",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1949"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10855",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10855"
},
{
"name": "RHBA-2018:3788",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHBA-2018:3788"
},
{
"name": "RHSA-2018:1948",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1948"
},
{
"name": "RHSA-2018:2184",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2184"
},
{
"name": "RHSA-2018:2022",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2022"
},
{
"name": "RHSA-2019:0054",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0054"
},
{
"name": "RHSA-2018:2079",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2079"
},
{
"name": "RHSA-2018:2585",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2585"
},
{
"name": "DSA-4396",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4396"
},
{
"name": "USN-4072-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4072-1/"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "==2.0||\u003e=2.4,\u003c2.4.5||\u003e2.5,\u003c=2.5.5",
"affected_versions": "Version 2.0, all versions starting from 2.4 before 2.4.5, all versions after 2.5 up to 2.5.5",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-532",
"CWE-937"
],
"date": "2019-07-25",
"description": "Ansible does not honor the `no_log` task flag for failed tasks. When the `no_log` flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.",
"fixed_versions": [
"2.0.0.1",
"2.4.5.0",
"2.5.6"
],
"identifier": "CVE-2018-10855",
"identifiers": [
"CVE-2018-10855"
],
"not_impacted": "All versions before 2.0, all versions after 2.0 before 2.4, all versions starting from 2.4.5 up to 2.5, all versions after 2.5.5",
"package_slug": "pypi/ansible",
"pubdate": "2018-07-03",
"solution": "Upgrade to versions 2.0.0.1, 2.4.5.0, 2.5.6 or above.",
"title": "Inclusion of Sensitive Information in Log Files",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2018-10855",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10855"
],
"uuid": "bc541fd8-589a-4b40-a66e-ba4974abc749"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:ansible_engine:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.5.5",
"versionStartExcluding": "2.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:ansible_engine:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:cloudforms:4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:ansible_engine:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.4.5",
"versionStartIncluding": "2.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-10855"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10855",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10855"
},
{
"name": "RHSA-2018:2079",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2079"
},
{
"name": "RHSA-2018:2022",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2022"
},
{
"name": "RHSA-2018:1949",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1949"
},
{
"name": "RHSA-2018:1948",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1948"
},
{
"name": "RHSA-2018:2184",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2184"
},
{
"name": "RHSA-2018:2585",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2585"
},
{
"name": "RHBA-2018:3788",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHBA-2018:3788"
},
{
"name": "RHSA-2019:0054",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0054"
},
{
"name": "DSA-4396",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4396"
},
{
"name": "USN-4072-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4072-1/"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
},
"lastModifiedDate": "2021-08-04T17:14Z",
"publishedDate": "2018-07-03T01:29Z"
}
}
}
CNVD-2018-12556
Vulnerability from cnvd - Published: 2018-07-05
VLAI Severity ?
Title
Ansible信息泄露漏洞(CNVD-2018-12556)
Description
Ansible是美国Ansible公司的一款计算机系统配置管理器,它可用于发布、管理和编排计算机系统。
Ansible 2.5.5之前的2.5版本和2.4.5之前的2.4版本中存在安全漏洞。攻击者可利用该漏洞在日志文件和运行Ansible的用户终端上公开敏感数据。
Severity
中
Patch Name
Ansible信息泄露漏洞(CNVD-2018-12556)的补丁
Patch Description
Ansible是美国Ansible公司的一款计算机系统配置管理器,它可用于发布、管理和编排计算机系统。
Ansible 2.5.5之前的2.5版本和2.4.5之前的2.4版本中存在安全漏洞。攻击者可利用该漏洞在日志文件和运行Ansible的用户终端上公开敏感数据。 目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,详情请关注厂商主页: https://www.ansible.com/
Reference
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10855
Impacted products
| Name | ['Ansible ansible 2.5,<2.5.5', 'Ansible ansible 2.4,<2.4.5'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2018-10855"
}
},
"description": "Ansible\u662f\u7f8e\u56fdAnsible\u516c\u53f8\u7684\u4e00\u6b3e\u8ba1\u7b97\u673a\u7cfb\u7edf\u914d\u7f6e\u7ba1\u7406\u5668\uff0c\u5b83\u53ef\u7528\u4e8e\u53d1\u5e03\u3001\u7ba1\u7406\u548c\u7f16\u6392\u8ba1\u7b97\u673a\u7cfb\u7edf\u3002\r\n\r\nAnsible 2.5.5\u4e4b\u524d\u76842.5\u7248\u672c\u548c2.4.5\u4e4b\u524d\u76842.4\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u65e5\u5fd7\u6587\u4ef6\u548c\u8fd0\u884cAnsible\u7684\u7528\u6237\u7ec8\u7aef\u4e0a\u516c\u5f00\u654f\u611f\u6570\u636e\u3002",
"discovererName": "Sam Fowler",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://www.ansible.com/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2018-12556",
"openTime": "2018-07-05",
"patchDescription": "Ansible\u662f\u7f8e\u56fdAnsible\u516c\u53f8\u7684\u4e00\u6b3e\u8ba1\u7b97\u673a\u7cfb\u7edf\u914d\u7f6e\u7ba1\u7406\u5668\uff0c\u5b83\u53ef\u7528\u4e8e\u53d1\u5e03\u3001\u7ba1\u7406\u548c\u7f16\u6392\u8ba1\u7b97\u673a\u7cfb\u7edf\u3002\r\n\r\nAnsible 2.5.5\u4e4b\u524d\u76842.5\u7248\u672c\u548c2.4.5\u4e4b\u524d\u76842.4\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u65e5\u5fd7\u6587\u4ef6\u548c\u8fd0\u884cAnsible\u7684\u7528\u6237\u7ec8\u7aef\u4e0a\u516c\u5f00\u654f\u611f\u6570\u636e\u3002 \u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Ansible\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2018-12556\uff09\u7684\u8865\u4e01",
"products": {
"product": [
"Ansible ansible 2.5\uff0c\u003c2.5.5",
"Ansible ansible 2.4\uff0c\u003c2.4.5"
]
},
"referenceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10855",
"serverity": "\u4e2d",
"submitTime": "2018-07-05",
"title": "Ansible\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2018-12556\uff09"
}
PYSEC-2018-42
Vulnerability from pysec - Published: 2018-07-03 01:29 - Updated: 2021-07-02 02:41
VLAI?
Details
Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.
Impacted products
| Name | purl | ansible | pkg:pypi/ansible |
|---|
Aliases
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "ansible",
"purl": "pkg:pypi/ansible"
},
"ranges": [
{
"events": [
{
"introduced": "2.5"
},
{
"fixed": "2.5.5"
},
{
"introduced": "2.4"
},
{
"fixed": "2.4.5.0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.4.0.0",
"2.4.1.0",
"2.4.2.0",
"2.4.3.0",
"2.4.4.0",
"2.5.0",
"2.5.1",
"2.5.2",
"2.5.3",
"2.5.4"
]
}
],
"aliases": [
"CVE-2018-10855",
"GHSA-jwcc-j78w-j73w"
],
"details": "Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.",
"id": "PYSEC-2018-42",
"modified": "2021-07-02T02:41:34.017806Z",
"published": "2018-07-03T01:29:00Z",
"references": [
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10855"
},
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2018:2079"
},
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2018:2022"
},
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2018:1949"
},
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2018:1948"
},
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2018:2184"
},
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2018:2585"
},
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHBA-2018:3788"
},
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2019:0054"
},
{
"type": "ADVISORY",
"url": "https://www.debian.org/security/2019/dsa-4396"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4072-1/"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-jwcc-j78w-j73w"
}
]
}
SUSE-SU-2018:4130-1
Vulnerability from csaf_suse - Published: 2018-12-14 15:12 - Updated: 2018-12-14 15:12Summary
Security update for ansible
Notes
Title of the patch
Security update for ansible
Description of the patch
This update for ansible fixes the following issues:
Ansible was updated to ansible 2.4.6.0.
The full release notes can be found on:
https://github.com/ansible/ansible/blob/stable-2.4/CHANGELOG.md
Security issues fixed:
- CVE-2018-10875: ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code. (bsc#1099808)
- CVE-2018-10874: It was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result. (bsc#1099805)
- CVE-2018-10855: Ansible did not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible. (bsc#1097775)
Patchnames
HPE-Helion-OpenStack-8-2018-2943,SUSE-OpenStack-Cloud-8-2018-2943,SUSE-OpenStack-Cloud-Crowbar-8-2018-2943
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for ansible",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for ansible fixes the following issues:\n\nAnsible was updated to ansible 2.4.6.0.\n\nThe full release notes can be found on:\n\n\thttps://github.com/ansible/ansible/blob/stable-2.4/CHANGELOG.md\n\nSecurity issues fixed:\n\n- CVE-2018-10875: ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code. (bsc#1099808)\n- CVE-2018-10874: It was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker\u0027s control, allowing to run arbitrary code as a result. (bsc#1099805)\n- CVE-2018-10855: Ansible did not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible. (bsc#1097775)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "HPE-Helion-OpenStack-8-2018-2943,SUSE-OpenStack-Cloud-8-2018-2943,SUSE-OpenStack-Cloud-Crowbar-8-2018-2943",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_4130-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:4130-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20184130-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:4130-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-December/004967.html"
},
{
"category": "self",
"summary": "SUSE Bug 1097775",
"url": "https://bugzilla.suse.com/1097775"
},
{
"category": "self",
"summary": "SUSE Bug 1099805",
"url": "https://bugzilla.suse.com/1099805"
},
{
"category": "self",
"summary": "SUSE Bug 1099808",
"url": "https://bugzilla.suse.com/1099808"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10855 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10855/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10874 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10875 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10875/"
}
],
"title": "Security update for ansible",
"tracking": {
"current_release_date": "2018-12-14T15:12:26Z",
"generator": {
"date": "2018-12-14T15:12:26Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:4130-1",
"initial_release_date": "2018-12-14T15:12:26Z",
"revision_history": [
{
"date": "2018-12-14T15:12:26Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ansible-2.4.6.0-3.3.1.noarch",
"product": {
"name": "ansible-2.4.6.0-3.3.1.noarch",
"product_id": "ansible-2.4.6.0-3.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "HPE Helion OpenStack 8",
"product": {
"name": "HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:hpe-helion-openstack:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 8",
"product": {
"name": "SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud Crowbar 8",
"product": {
"name": "SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:8"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-2.4.6.0-3.3.1.noarch as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:ansible-2.4.6.0-3.3.1.noarch"
},
"product_reference": "ansible-2.4.6.0-3.3.1.noarch",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-2.4.6.0-3.3.1.noarch as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:ansible-2.4.6.0-3.3.1.noarch"
},
"product_reference": "ansible-2.4.6.0-3.3.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-2.4.6.0-3.3.1.noarch as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:ansible-2.4.6.0-3.3.1.noarch"
},
"product_reference": "ansible-2.4.6.0-3.3.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-10855",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10855"
}
],
"notes": [
{
"category": "general",
"text": "Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:ansible-2.4.6.0-3.3.1.noarch",
"SUSE OpenStack Cloud 8:ansible-2.4.6.0-3.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:ansible-2.4.6.0-3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10855",
"url": "https://www.suse.com/security/cve/CVE-2018-10855"
},
{
"category": "external",
"summary": "SUSE Bug 1097775 for CVE-2018-10855",
"url": "https://bugzilla.suse.com/1097775"
},
{
"category": "external",
"summary": "SUSE Bug 1099808 for CVE-2018-10855",
"url": "https://bugzilla.suse.com/1099808"
},
{
"category": "external",
"summary": "SUSE Bug 1109957 for CVE-2018-10855",
"url": "https://bugzilla.suse.com/1109957"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:ansible-2.4.6.0-3.3.1.noarch",
"SUSE OpenStack Cloud 8:ansible-2.4.6.0-3.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:ansible-2.4.6.0-3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"HPE Helion OpenStack 8:ansible-2.4.6.0-3.3.1.noarch",
"SUSE OpenStack Cloud 8:ansible-2.4.6.0-3.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:ansible-2.4.6.0-3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-14T15:12:26Z",
"details": "moderate"
}
],
"title": "CVE-2018-10855"
},
{
"cve": "CVE-2018-10874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10874"
}
],
"notes": [
{
"category": "general",
"text": "In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker\u0027s control, allowing to run arbitrary code as a result.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:ansible-2.4.6.0-3.3.1.noarch",
"SUSE OpenStack Cloud 8:ansible-2.4.6.0-3.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:ansible-2.4.6.0-3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10874",
"url": "https://www.suse.com/security/cve/CVE-2018-10874"
},
{
"category": "external",
"summary": "SUSE Bug 1097775 for CVE-2018-10874",
"url": "https://bugzilla.suse.com/1097775"
},
{
"category": "external",
"summary": "SUSE Bug 1099805 for CVE-2018-10874",
"url": "https://bugzilla.suse.com/1099805"
},
{
"category": "external",
"summary": "SUSE Bug 1099808 for CVE-2018-10874",
"url": "https://bugzilla.suse.com/1099808"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:ansible-2.4.6.0-3.3.1.noarch",
"SUSE OpenStack Cloud 8:ansible-2.4.6.0-3.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:ansible-2.4.6.0-3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:ansible-2.4.6.0-3.3.1.noarch",
"SUSE OpenStack Cloud 8:ansible-2.4.6.0-3.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:ansible-2.4.6.0-3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-14T15:12:26Z",
"details": "important"
}
],
"title": "CVE-2018-10874"
},
{
"cve": "CVE-2018-10875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10875"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:ansible-2.4.6.0-3.3.1.noarch",
"SUSE OpenStack Cloud 8:ansible-2.4.6.0-3.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:ansible-2.4.6.0-3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10875",
"url": "https://www.suse.com/security/cve/CVE-2018-10875"
},
{
"category": "external",
"summary": "SUSE Bug 1099808 for CVE-2018-10875",
"url": "https://bugzilla.suse.com/1099808"
},
{
"category": "external",
"summary": "SUSE Bug 1109957 for CVE-2018-10875",
"url": "https://bugzilla.suse.com/1109957"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:ansible-2.4.6.0-3.3.1.noarch",
"SUSE OpenStack Cloud 8:ansible-2.4.6.0-3.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:ansible-2.4.6.0-3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:ansible-2.4.6.0-3.3.1.noarch",
"SUSE OpenStack Cloud 8:ansible-2.4.6.0-3.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:ansible-2.4.6.0-3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-14T15:12:26Z",
"details": "important"
}
],
"title": "CVE-2018-10875"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…