Download
| Alert*
oval:org.secpod.oval:def:106585
ansible is installed oval:org.secpod.oval:def:704512 ansible is installed oval:org.secpod.oval:def:117025 Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to m ... oval:org.secpod.oval:def:1800242 ansible is installed oval:org.secpod.oval:def:1801177 Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the ... oval:org.secpod.oval:def:106870 Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to m ... oval:org.secpod.oval:def:107181 Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to m ... oval:org.secpod.oval:def:109258 Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to m ... oval:org.secpod.oval:def:109255 Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to m ... oval:org.secpod.oval:def:105757 Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to m ... oval:org.secpod.oval:def:110445 Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to m ... oval:org.secpod.oval:def:110440 Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to m ... oval:org.secpod.oval:def:107176 Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to m ... oval:org.secpod.oval:def:107331 Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to m ... oval:org.secpod.oval:def:106875 Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to m ... oval:org.secpod.oval:def:105948 Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to m ... oval:org.secpod.oval:def:107320 Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to m ... oval:org.secpod.oval:def:113384 Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to m ... oval:org.secpod.oval:def:113614 Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to m ... oval:org.secpod.oval:def:113377 Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to m ... oval:org.secpod.oval:def:502155 Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed mac ... oval:org.secpod.oval:def:2000636 A flaw was found in the way Ansible passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host"s logs. This flaw was fixed by not allowing passwords to be specified in the "params" argument, and noting this in the ... oval:org.secpod.oval:def:116055 Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to m ... oval:org.secpod.oval:def:116071 Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to m ... oval:org.secpod.oval:def:111601 Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to m ... oval:org.secpod.oval:def:1900756 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA based off of CNT 3. Further investigation determined that there was a secure method for using the directive. Notes: none. oval:org.secpod.oval:def:1900568 The create_script function in the lxc_container module in Ansible before1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on /opt/.lxc-attach-script, the archived container in the archive_path directory, or the lxc-attach-script.lo ... oval:org.secpod.oval:def:1901016 A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key. oval:org.secpod.oval:def:114805 Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to m ... oval:org.secpod.oval:def:1900989 In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker"s control, allowing to run arbitrary code as a result. oval:org.secpod.oval:def:2000208 Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating ... oval:org.secpod.oval:def:53518 Several vulnerabilities have been found in Ansible, a configuration management, deployment, and task execution system: CVE-2018-10855 / CVE-2018-16876 The no_log task flag wasn"t honored, resulting in an information leak. CVE-2018-10875 ansible.cfg was read from the current working directory. CVE-20 ... oval:org.secpod.oval:def:1901240 A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code. oval:org.secpod.oval:def:1900358 Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly marklookup-plugin results as unsafe. If an attacker could control the results of lookup calls, they could inject Unicode strings to be parsed by the jinja2 templating system, result ing in code execution. By default, the jinja2 templating ... oval:org.secpod.oval:def:112450 Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to m ... oval:org.secpod.oval:def:114704 Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to m ... oval:org.secpod.oval:def:114706 Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to m ... oval:org.secpod.oval:def:112447 Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to m ... oval:org.secpod.oval:def:115670 Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to m ... oval:org.secpod.oval:def:603640 Several vulnerabilities have been found in Ansible, a configuration management, deployment, and task execution system: CVE-2018-10855 / CVE-2018-16876 The no_log task flag wasn"t honored, resulting in an information leak. CVE-2018-10875 ansible.cfg was read from the current working directory. CVE-20 ... oval:org.secpod.oval:def:114777 Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to m ... oval:org.secpod.oval:def:1900093 ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data. oval:org.secpod.oval:def:1701738 A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This ... oval:org.secpod.oval:def:74573 Several vulnerabilities have been found in Ansible, a configuration management, deployment and task execution system, which could result in information disclosure or argument injection. In addition a race condition in become_user was fixed. oval:org.secpod.oval:def:1701771 A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the no_log feature. An attack ... oval:org.secpod.oval:def:1701714 A flaw was found in ansible. The 'authkey' and 'privkey' credentials are disclosed by default and not protected by no_log feature when using the snmp_facts module. Attackers could take advantage of this information to steal the SNMP credentials. The highest threat from this vulnerability is to data ... oval:org.secpod.oval:def:117710 Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to m ... oval:org.secpod.oval:def:116777 Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to m ... oval:org.secpod.oval:def:705085 ansible: Configuration management, deployment, and task execution system Several security issues were fixed in Ansible. oval:org.secpod.oval:def:116776 Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to m ... oval:org.secpod.oval:def:1701779 A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name ... oval:org.secpod.oval:def:1701763 A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker could take advantage ... oval:org.secpod.oval:def:1701681 An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri mod ... oval:org.secpod.oval:def:117723 Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to m ... oval:org.secpod.oval:def:118611 Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to m ... oval:org.secpod.oval:def:1701711 A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw le ... oval:org.secpod.oval:def:112302 Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to m ... oval:org.secpod.oval:def:112320 Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to m ... oval:org.secpod.oval:def:1800241 An input validation vulnerability was found in Ansible"s handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server usin ... oval:org.secpod.oval:def:111941 Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to m ... oval:org.secpod.oval:def:1900570 An input validation vulnerability was found in Ansible"s mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed. oval:org.secpod.oval:def:111939 Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to m ... oval:org.secpod.oval:def:1800678 An input validation vulnerability was found in Ansible"s handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server usin ... oval:org.secpod.oval:def:126905 Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to m ... |