Safety CI > apihackers/docker-ansible

pyup/update-ansible-2.9.7-to-7.6.0

1 year, 11 months ago

Update ansible from 2.9.7 to 7.6.0

ansible 7.6.0 has known security vulnerabilities.

Package	Installed	Affected	Info

pyup/update-ansible-2.9.7-to-7.5.0

1 year, 11 months ago

59bca1b6

Update ansible from 2.9.7 to 7.5.0

ansible 7.5.0 has known security vulnerabilities.

Package	Installed	Affected	Info

pyup/update-ansible-2.9.7-to-7.4.0

2 years ago

88715deb

Update ansible from 2.9.7 to 7.4.0

ansible 7.4.0 has known security vulnerabilities.

Package	Installed	Affected	Info

pyup/update-ansible-2.9.7-to-7.3.0

2 years, 1 month ago

02bf68f4

Update ansible from 2.9.7 to 7.3.0

ansible 7.3.0 has known security vulnerabilities.

Package	Installed	Affected	Info

pyup/update-ansible-2.9.7-to-6.4.0

2 years, 7 months ago

7f4aed9c

Update ansible from 2.9.7 to 6.4.0

ansible 6.4.0 has known security vulnerabilities.

Package	Installed	Affected	Info
ansible	6.4.0	>=2.5.0a1,<7.0.0	show A flaw was found in Ansible in the amazon.aws collection when using the `tower_callback` parameter from the `amazon.aws.ec2_instance` module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.

Package

Installed

Affected

Info

ansible

6.4.0

>=2.5.0a1,<7.0.0

show

A flaw was found in Ansible in the amazon.aws collection when using the `tower_callback` parameter from the `amazon.aws.ec2_instance` module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.

pyup/update-ansible-2.9.7-to-6.3.0

2 years, 7 months ago

abc8499f

Update ansible from 2.9.7 to 6.3.0

ansible 6.3.0 has known security vulnerabilities.

Package	Installed	Affected	Info
ansible	6.3.0	>=2.5.0a1,<7.0.0	show A flaw was found in Ansible in the amazon.aws collection when using the `tower_callback` parameter from the `amazon.aws.ec2_instance` module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.

Package

Installed

Affected

Info

ansible

6.3.0

>=2.5.0a1,<7.0.0

show

A flaw was found in Ansible in the amazon.aws collection when using the `tower_callback` parameter from the `amazon.aws.ec2_instance` module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.

pyup/update-ansible-2.9.7-to-6.2.0

2 years, 8 months ago

d9d2c062

Update ansible from 2.9.7 to 6.2.0

ansible 6.2.0 has known security vulnerabilities.

Package	Installed	Affected	Info
ansible	6.2.0	>=2.5.0a1,<7.0.0	show A flaw was found in Ansible in the amazon.aws collection when using the `tower_callback` parameter from the `amazon.aws.ec2_instance` module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.

Package

Installed

Affected

Info

ansible

6.2.0

>=2.5.0a1,<7.0.0

show

A flaw was found in Ansible in the amazon.aws collection when using the `tower_callback` parameter from the `amazon.aws.ec2_instance` module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.

pyup/update-ansible-2.9.7-to-6.1.0

2 years, 9 months ago

d63ddae6

Update ansible from 2.9.7 to 6.1.0

ansible 6.1.0 has known security vulnerabilities.

Package	Installed	Affected	Info
ansible	6.1.0	>=2.5.0a1,<7.0.0	show A flaw was found in Ansible in the amazon.aws collection when using the `tower_callback` parameter from the `amazon.aws.ec2_instance` module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.

Package

Installed

Affected

Info

ansible

6.1.0

>=2.5.0a1,<7.0.0

show

A flaw was found in Ansible in the amazon.aws collection when using the `tower_callback` parameter from the `amazon.aws.ec2_instance` module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.

pyup/update-ansible-2.9.7-to-6.0.0

2 years, 10 months ago

b5495ca5

Update ansible from 2.9.7 to 6.0.0

ansible 6.0.0 has known security vulnerabilities.

Package	Installed	Affected	Info
ansible	6.0.0	>=2.5.0a1,<7.0.0	show A flaw was found in Ansible in the amazon.aws collection when using the `tower_callback` parameter from the `amazon.aws.ec2_instance` module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.

Package

Installed

Affected

Info

ansible

6.0.0

>=2.5.0a1,<7.0.0

show

A flaw was found in Ansible in the amazon.aws collection when using the `tower_callback` parameter from the `amazon.aws.ec2_instance` module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.

pyup/update-jmespath-0.9.5-to-1.0.1

2 years, 10 months ago

72e6efdc

Update jmespath from 0.9.5 to 1.0.1

ansible 2.9.7 has known security vulnerabilities.

Package	Installed	Affected	Info
ansible	2.9.7	>=2.5.0a1,<7.0.0	show A flaw was found in Ansible in the amazon.aws collection when using the `tower_callback` parameter from the `amazon.aws.ec2_instance` module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.
ansible	2.9.7	>=0,<2.9.27	show Ansible is an IT automation system that handles configuration management, application deployment, cloud provisioning, ad-hoc task execution, network automation, and multi-node orchestration. A flaw was found in Ansible Engine's ansible-connection module where sensitive information, such as the Ansible user credentials, is disclosed by default in the traceback error message when Ansible receives an unexpected response from `set_options`. The highest threat from this vulnerability is confidentiality.
ansible	2.9.7	<2.8.15 , >=2.9.0b1,<2.9.13	show A flaw was found in the Ansible Engine, in ansible-engine affected versions, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, the default behaviour. This flaw leads to malicious packages being installed on the system and arbitrary code executed via package installation scripts. The highest threat from this vulnerability is to integrity and system availability.
ansible	2.9.7	>=2.8.0a1,<2.8.19 , >=2.9.0b1,<2.9.18	show A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.
ansible	2.9.7	<2.10.5	show A flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace separation for file transfers. Files are written directly to the root bucket, making possible to have collisions when running multiple ansible processes. This issue affects mainly the service availability. This CVE affects community.aws before 1.2.1 and Ansible-build-data ships this dependency on versions before 2.10.5.
ansible	2.9.7	<2.9.18	show Ansible 2.9.18 includes a fix for CVE-2021-20178: A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality. https://bugzilla.redhat.com/show_bug.cgi?id=1914774
ansible	2.9.7	>=0,<2.10.0	show An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.
ansible	2.9.7	>=2.10.0a1,<2.10.7 , >=2.9.0b1,<2.9.18 , >=0,<2.8.19	show A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.
ansible	2.9.7	>=0,<2.8.14 , >=2.9.0b1,<2.9.12	show A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality.
ansible	2.9.7	<2.10.5	show A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. This issue affects directly data confidentiality. This CVE affects community.aws before 1.2.1 and Ansible-build-data ships this dependency on versions before 2.10.5.

pyup/update-ansible-2.9.7-to-5.9.0

2 years, 10 months ago

f79e465e

Update ansible from 2.9.7 to 5.9.0

ansible 5.9.0 has known security vulnerabilities.

Package	Installed	Affected	Info
ansible	5.9.0	>=2.5.0a1,<7.0.0	show A flaw was found in Ansible in the amazon.aws collection when using the `tower_callback` parameter from the `amazon.aws.ec2_instance` module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.

Package

Installed

Affected

Info

ansible

5.9.0

>=2.5.0a1,<7.0.0

show

A flaw was found in Ansible in the amazon.aws collection when using the `tower_callback` parameter from the `amazon.aws.ec2_instance` module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.

pyup/update-ansible-2.9.7-to-5.8.0

2 years, 11 months ago

653c074d

Update ansible from 2.9.7 to 5.8.0

ansible 5.8.0 has known security vulnerabilities.

Package	Installed	Affected	Info
ansible	5.8.0	>=2.5.0a1,<7.0.0	show A flaw was found in Ansible in the amazon.aws collection when using the `tower_callback` parameter from the `amazon.aws.ec2_instance` module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.

Package

Installed

Affected

Info

ansible

5.8.0

>=2.5.0a1,<7.0.0

show

A flaw was found in Ansible in the amazon.aws collection when using the `tower_callback` parameter from the `amazon.aws.ec2_instance` module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.

pyup/update-ansible-2.9.7-to-5.7.1

2 years, 11 months ago

437535af

Update ansible from 2.9.7 to 5.7.1

ansible 5.7.1 has known security vulnerabilities.

Package	Installed	Affected	Info
ansible	5.7.1	>=2.5.0a1,<7.0.0	show A flaw was found in Ansible in the amazon.aws collection when using the `tower_callback` parameter from the `amazon.aws.ec2_instance` module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.

Package

Installed

Affected

Info

ansible

5.7.1

>=2.5.0a1,<7.0.0

show

A flaw was found in Ansible in the amazon.aws collection when using the `tower_callback` parameter from the `amazon.aws.ec2_instance` module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.

pyup/update-ansible-2.9.7-to-5.7.0

2 years, 11 months ago

23a1f8d5

Update ansible from 2.9.7 to 5.7.0

ansible 5.7.0 has known security vulnerabilities.

Package	Installed	Affected	Info
ansible	5.7.0	>=2.5.0a1,<7.0.0	show A flaw was found in Ansible in the amazon.aws collection when using the `tower_callback` parameter from the `amazon.aws.ec2_instance` module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.

Package

Installed

Affected

Info

ansible

5.7.0

>=2.5.0a1,<7.0.0

show

A flaw was found in Ansible in the amazon.aws collection when using the `tower_callback` parameter from the `amazon.aws.ec2_instance` module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.

pyup/update-ansible-2.9.7-to-5.6.0

3 years ago

8cd8752f

Update ansible from 2.9.7 to 5.6.0

ansible 5.6.0 has known security vulnerabilities.

Package	Installed	Affected	Info
ansible	5.6.0	>=2.5.0a1,<7.0.0	show A flaw was found in Ansible in the amazon.aws collection when using the `tower_callback` parameter from the `amazon.aws.ec2_instance` module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.

Package

Installed

Affected

Info

ansible

5.6.0

>=2.5.0a1,<7.0.0

show

A flaw was found in Ansible in the amazon.aws collection when using the `tower_callback` parameter from the `amazon.aws.ec2_instance` module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.