Information on source package ansible

Available versions

ReleaseVersion
buster2.7.7+dfsg-1+deb10u1
buster (security)2.7.7+dfsg-1+deb10u2
bullseye2.10.7+merged+base+2.10.8+dfsg-1
bookworm7.3.0+dfsg-1
sid7.7.0+dfsg-3

Open issues

BugbusterbullseyebookwormsidDescription
CVE-2024-0690vulnerablevulnerable (no DSA)fixedfixedAn information disclosure flaw was found in ansible-core due to a fail ...
CVE-2023-5764vulnerablevulnerable (no DSA)fixedfixedA template injection flaw was found in Ansible where a user's controll ...
CVE-2023-5115fixedvulnerable (no DSA)fixedfixedAn absolute path traversal attack exists in the Ansible automation pla ...
CVE-2023-4237vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)vulnerableA flaw was found in the Ansible Automation Platform. When creating a n ...
CVE-2022-3697fixedvulnerable (no DSA)fixedfixedA flaw was found in Ansible in the amazon.aws collection when using th ...
CVE-2021-20191fixedvulnerable (no DSA)fixedfixedA flaw was found in ansible. Credentials, such as secrets, are being d ...
CVE-2021-20180fixedvulnerable (no DSA)fixedfixedA flaw was found in ansible module where credentials are disclosed in ...
CVE-2021-20178fixedvulnerable (no DSA)fixedfixedA flaw was found in ansible module where credentials are disclosed in ...
CVE-2021-3620fixedvulnerable (no DSA, postponed)fixedfixedA flaw was found in Ansible Engine's ansible-connection module, where ...
CVE-2021-3583fixedvulnerable (no DSA)fixedfixedA flaw was found in Ansible, where a user's controller is vulnerable t ...
CVE-2019-14905vulnerable (no DSA)fixedfixedfixedA vulnerability was found in Ansible Engine versions 2.9.x before 2.9. ...
CVE-2019-14858vulnerable (no DSA)fixedfixedfixedA vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible ...

Open unimportant issues

BugbusterbullseyebookwormsidDescription
CVE-2020-1738vulnerablevulnerablevulnerablevulnerableA flaw was found in Ansible Engine when the module package or service ...
CVE-2020-1737vulnerablefixedfixedfixedA flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9 ...
CVE-2020-1736vulnerablevulnerablevulnerablevulnerableA flaw was found in Ansible Engine when a file is moved using atomic_m ...
CVE-2020-1734vulnerablevulnerablevulnerablevulnerableA flaw was found in the pipe lookup plugin of ansible. Arbitrary comma ...

Resolved issues

BugDescription
CVE-2021-20228A flaw was found in the Ansible Engine 2.9.18, where sensitive info is ...
CVE-2021-3447A flaw was found in several ansible modules, where parameters containi ...
CVE-2020-25646A flaw was found in Ansible Collection community.crypto. openssl_priva ...
CVE-2020-25636A flaw was found in Ansible Base when using the aws_ssm connection plu ...
CVE-2020-25635A flaw was found in Ansible Base when using the aws_ssm connection plu ...
CVE-2020-14365A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before ...
CVE-2020-14332A flaw was found in the Ansible Engine when using module_args. Tasks e ...
CVE-2020-14330An Improper Output Neutralization for Logs flaw was found in Ansible w ...
CVE-2020-10744An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansi ...
CVE-2020-10729A flaw was found in the use of insufficiently random values in Ansible ...
CVE-2020-10691An archive traversal flaw was found in all ansible-engine versions 2.9 ...
CVE-2020-10685A flaw was found in Ansible Engine affecting Ansible Engine versions 2 ...
CVE-2020-10684A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9. ...
CVE-2020-1753A security flaw was found in Ansible Engine, all Ansible 2.7.x version ...
CVE-2020-1746A flaw was found in the Ansible Engine affecting Ansible Engine versio ...
CVE-2020-1740A flaw was found in Ansible Engine when using Ansible Vault for editin ...
CVE-2020-1739A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9 ...
CVE-2020-1735A flaw was found in the Ansible Engine when the fetch module is used. ...
CVE-2020-1733A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2. ...
CVE-2019-14904A flaw was found in the solaris_zone module from the Ansible Community ...
CVE-2019-14864Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible v ...
CVE-2019-14856ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None
CVE-2019-14846In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, an ...
CVE-2019-10217A flaw was found in ansible 2.8.0 before 2.8.4. Fields managing sensit ...
CVE-2019-10206ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2 ...
CVE-2019-10156A flaw was discovered in the way Ansible templating was implemented in ...
CVE-2019-3828Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path ...
CVE-2018-16876ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a infor ...
CVE-2018-16859Execution of Ansible playbooks on Windows platforms with PowerShell Sc ...
CVE-2018-16837Ansible "User" module leaks any data which is passed on as a parameter ...
CVE-2018-10875A flaw was found in ansible. ansible.cfg is read from the current work ...
CVE-2018-10874In ansible it was found that inventory variables are loaded from curre ...
CVE-2018-10855Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the n ...
CVE-2017-7550A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x bef ...
CVE-2017-7481Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark loo ...
CVE-2017-7466Ansible before version 2.3 has an input validation vulnerability in th ...
CVE-2016-9587Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper inpu ...
CVE-2016-8647An input validation vulnerability was found in Ansible's mysql_user mo ...
CVE-2016-8628Ansible before version 2.2.0 fails to properly sanitize fact variables ...
CVE-2016-8614A flaw was found in Ansible before version 2.2.0. The apt_key module d ...
CVE-2016-3096The create_script function in the lxc_container module in Ansible befo ...
CVE-2015-6240The chroot, jail, and zone connection plugins in ansible before 1.9.2 ...
CVE-2015-3908Ansible before 1.9.2 does not verify that the server hostname matches ...
CVE-2014-4967Multiple argument injection vulnerabilities in Ansible before 1.6.7 al ...
CVE-2014-4966Ansible before 1.6.7 does not prevent inventory data with "{{" and "lo ...
CVE-2014-4678The safe_eval function in Ansible before 1.6.4 does not properly restr ...
CVE-2014-4660Ansible before 1.5.5 constructs filenames containing user and password ...
CVE-2014-4659Ansible before 1.5.5 sets 0644 permissions for sources.list, which mig ...
CVE-2014-4658The vault subsystem in Ansible before 1.5.5 does not set the umask bef ...
CVE-2014-4657The safe_eval function in Ansible before 1.5.4 does not properly restr ...
CVE-2014-3498The user module in ansible before 1.6.6 allows remote authenticated us ...
CVE-2014-2686Ansible prior to 1.5.4 mishandles the evaluation of some strings.
CVE-2013-4260lib/ansible/playbook/__init__.py in Ansible 1.2.x before 1.2.3, when p ...
CVE-2013-4259runner/connection_plugins/ssh.py in Ansible before 1.2.3, when using C ...
CVE-2013-2233Ansible before 1.2.1 makes it easier for remote attackers to conduct m ...

Security announcements

DSA / DLADescription
DLA-3695-1ansible - security update
DSA-4950-1ansible - security update
DLA-2535-1ansible - security update
DLA-2202-1ansible - security update
DLA-1923-1ansible - security update
DSA-4396-1ansible - security update
DLA-1576-1ansible - security update

Search for package or bug name: Reporting problems