Componentpedia / Listings / ansible / 2.9.23

Last update: 27/01/2025

ansible

Ansible is a radically simple IT automation platform that makes your applications and systems easier to deploy and maintain. Automate everything from code deployment to network configuration to cloud management, in a language that approaches plain English, using SSH, with no agents to install on remote systems. https://docs.ansible.com.

Version: 2.9.23 registry icon
Safety score
5
Check your open source dependency risks. Get immediate insight about security, stability and licensing risks.
De-risk your app now
Security Risks of Known Vulnerabilities
CVE-2024-0690
CWE-116
Threat level: MEDIUM | CVSS score: 5.5

An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.


CVE-2020-14330
CWE-116
Threat level: MEDIUM | CVSS score: 5

An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.


CVE-2023-5764
Threat level: HIGH | CVSS score: 7.8

A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data.


CVE-2022-3697
Threat level: HIGH | CVSS score: 7.5

A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.


CVE-2021-3620
Threat level: MEDIUM | CVSS score: 5.5

A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.


Please note that this component is affected by 3 other vulnerabilities
0 Critical  |  0 High  |  2 Medium  |  1 Low  |  0 Suggest

Latest safe major: 11.1.0 Scan your application codebase with Meterian to see all known vulnerabilities in your open source software dependencies.


Stability

Stay updated with the latest patches and releases. Plan your sofware desisgn. Avoid common known vulnerabilities fixed by the open source community

Latest patch release:   2.9.27

Latest minor release:   2.10.7

Latest major release:   11.1.0

Licensing

Maintain your licence declarations and avoid unwanted licences to protect your IP the way you intended.

GPL-3.0-only   -   GNU General Public License v3.0 only

Not a wildcard

Not proprietary

OSI Compliant