DSA-4396-1 ansible -- ansibleID: oval:org.secpod.oval:def:603640 | Date: (C)2019-03-29 (M)2023-12-20 |
Class: PATCH | Family: unix |
Several vulnerabilities have been found in Ansible, a configuration management, deployment, and task execution system: CVE-2018-10855 / CVE-2018-16876 The no_log task flag wasn"t honored, resulting in an information leak. CVE-2018-10875 ansible.cfg was read from the current working directory. CVE-2018-16837 The user module leaked parameters passed to ssh-keygen to the process environment. CVE-2019-3828 The fetch module was susceptible to path traversal.