Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-4950-1:53D76
HistoryAug 07, 2021 - 9:26 a.m.

[SECURITY] [DSA 4950-1] ansible security update

2021-08-0709:26:39
lists.debian.org
69

6.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:C/A:C

7.9 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H

7.8 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.8%

JSON

Debian Security Advisory DSA-4950-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
August 07, 2021 https://www.debian.org/security/faq

Package : ansible
CVE ID : CVE-2019-10156 CVE-2019-10206 CVE-2019-14846 CVE-2019-14864
CVE-2019-14904 CVE-2020-1733 CVE-2020-1735 CVE-2020-1739
CVE-2020-1740 CVE-2020-1746 CVE-2020-1753 CVE-2020-10684
CVE-2020-10685 CVE-2020-10729 CVE-2020-14330 CVE-2020-14332
CVE-2020-14365 CVE-2021-20228

Several vulnerabilities have been found in Ansible, a configuration
management, deployment and task execution system, which could result in
information disclosure or argument injection. In addition a race
condition in become_user was fixed.

For the stable distribution (buster), these problems have been fixed in
version 2.7.7+dfsg-1+deb10u1.

We recommend that you upgrade your ansible packages.

For the detailed security status of ansible please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ansible

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian10allansible-doc< 2.7.7+dfsg-1+deb10u1ansible-doc_2.7.7+dfsg-1+deb10u1_all.deb
Debian10allansible< 2.7.7+dfsg-1+deb10u1ansible_2.7.7+dfsg-1+deb10u1_all.deb

Related

osv 23
openvas 16
nessus 37
fedora 11
redhat 17
mageia 3
debian 2
suse 3
gentoo 1
photon 5
cvelist 8
redhatcve 8
ubuntucve 7
nvd 7
prion 8
alpinelinux 5
cve 9
debiancve 7
veracode 9
github 9
f5 1
cbl_mariner 1
archlinux 1
symantec 1
osv
osv
ansible - security update
2021-08-07 00:00:00
ansible - security update
2020-05-05 00:00:00
ansible - security update
2021-01-27 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-4950-1)
2021-08-08 00:00:00
Fedora: Security Advisory for ansible (FEDORA-2020-1b6ce91e37)
2020-04-30 00:00:00
Fedora: Security Advisory for ansible (FEDORA-2020-f80154b5b4)
2020-04-30 00:00:00
nessus
nessus
Debian DSA-4950-1 : ansible - security update
2021-08-07 00:00:00
Amazon Linux 2 : ansible (ALASANSIBLE2-2023-008)
2023-09-27 00:00:00
RHEL 7 / 8 : Ansible security and bug fix update (2.9.7) (Important) (RHSA-2020:1542)
2020-04-22 00:00:00
fedora
fedora
[SECURITY] Fedora 30 Update: ansible-2.9.7-1.fc30
2020-04-27 03:07:00
[SECURITY] Fedora 32 Update: ansible-2.9.7-1.fc32
2020-04-27 02:46:08
[SECURITY] Fedora 31 Update: ansible-2.9.7-1.fc31
2020-04-27 04:48:07
redhat
redhat
(RHSA-2020:1544) Important: Ansible security and bug fix update (2.7.17)
2020-04-22 13:13:10
(RHSA-2020:1541) Important: Ansible security and bug fix update (2.9.7)
2020-04-22 13:12:31
(RHSA-2020:1542) Important: Ansible security and bug fix update (2.9.7)
2020-04-22 13:12:44
mageia
mageia
Updated ansible packages fix security vulnerabilities
2020-05-24 21:04:47
Updated ansible packages fix security vulnerabilities
2019-11-02 19:54:34
Updated ansible packages fix security vulnerability
2019-12-06 17:15:42
debian
debian
[SECURITY] [DLA 2202-1] ansible security update
2020-05-05 14:22:50
[SECURITY] [DLA 2535-1] ansible security update
2021-01-27 21:14:42
suse
suse
Security update for ansible (important)
2022-03-16 00:00:00
Security update for ansible (moderate)
2020-04-13 00:00:00
Security update for ansible (moderate)
2020-04-16 00:00:00
gentoo
gentoo
Ansible: Multiple vulnerabilities
2020-06-13 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0226
2020-04-07 00:00:00
Important Photon OS Security Update - PHSA-2020-0226
2020-04-07 00:00:00
Important Photon OS Security Update - PHSA-2020-0078
2020-04-08 00:00:00
cvelist
cvelist
CVE-2020-14330
2020-09-11 00:00:00
CVE-2019-14904
2020-08-25 23:21:47
CVE-2020-10729
2021-05-27 18:46:12
redhatcve
redhatcve
CVE-2020-14365
2020-08-31 07:27:59
CVE-2019-14904
2019-11-27 18:47:54
CVE-2020-10729
2020-05-04 18:10:13
ubuntucve
ubuntucve
CVE-2020-14365
2020-09-23 00:00:00
CVE-2020-14330
2020-09-11 00:00:00
CVE-2020-14332
2020-09-11 00:00:00
nvd
nvd
CVE-2020-14365
2020-09-23 13:15:15
CVE-2019-14904
2020-08-26 03:15:11
CVE-2020-14330
2020-09-11 18:15:13
prion
prion
Command injection
2020-08-26 03:15:00
Cross site request forgery (csrf)
2021-05-27 19:15:00
Design/Logic Flaw
2020-09-23 13:15:00
alpinelinux
alpinelinux
CVE-2019-14904
2020-08-26 03:15:11
CVE-2020-14365
2020-09-23 13:15:15
CVE-2019-10206
2019-11-22 13:15:11
cve
cve
CVE-2020-10729
2021-05-27 19:15:07
CVE-2020-14330
2020-09-11 18:15:13
CVE-2019-14904
2020-08-26 03:15:11
debiancve
debiancve
CVE-2020-14330
2020-09-11 18:15:13
CVE-2020-10729
2021-05-27 19:15:07
CVE-2019-14846
2019-10-08 19:15:10
veracode
veracode
Information Disclosure
2020-07-23 03:37:49
Man-in-the-Middle (MitM)
2020-09-01 02:09:27
OS Command Injection
2019-12-02 07:55:53
github
github
Ansible Uses Plugins That Disclose Credentials
2022-05-24 16:58:01
Improper Verification of Cryptographic Signature in ansible
2021-04-20 16:44:07
Ansible password prompts could expose passwords
2022-05-24 17:01:46
f5
f5
K52013062 : Ansible Engine vulnerability CVE-2020-14365
2021-11-15 00:00:00
cbl_mariner
cbl_mariner
CVE-2021-20228 affecting package ansible 2.9.18-1
2021-10-22 04:51:42
archlinux
archlinux
[ASA-202102-30] ansible-base: information disclosure
2021-02-20 00:00:00
symantec
symantec
Ansible CVE-2019-14864 Multiple Information Disclosure Vulnerabilities
2019-10-16 00:00:00

6.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:C/A:C

7.9 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H

7.8 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.8%

JSON
Related for DEBIAN:DSA-4950-1:53D76
osv23openvas16nessus37fedora11redhat17mageia3debian2suse3gentoo1photon5cvelist8redhatcve8ubuntucve7nvd7prion8alpinelinux5cve9debiancve7veracode9github9f51cbl_mariner1archlinux1symantec1