FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
f418cd50-561a-49a2-a133-965d03ede72a	py-ansible -- data leak vulnerability Tapas jena reports: A flaw was found in Ansible where the secret information present in async_files are getting disclosed when the user changes the jobdir to a world readable directory. Any secret information in an async status file will be readable by a malicious user on that system. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2. Discovery 2021-06-09 Entry 2023-04-10 py37-ansible py38-ansible py39-ansible py310-ansible py311-ansible <= 7.1.0 CVE-2021-3532 https://osv.dev/vulnerability/PYSEC-2021-125
e1b77733-a982-442e-8796-a200571bfcf2	py-ansible -- multiple vulnerabilities abeluck reports: A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. This issue affects directly data confidentiality. A flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace separation for file transfers. Files are written directly to the root bucket, making possible to have collisions when running multiple ansible processes. This issue affects mainly the service availability. Discovery 2020-10-05 Entry 2023-04-10 py37-ansible py38-ansible py39-ansible py310-ansible py311-ansible <= 7.2.0 CVE-2020-25635 https://osv.dev/vulnerability/PYSEC-2020-220 CVE-2020-25636 https://osv.dev/vulnerability/PYSEC-2020-221

VuXML ID

Description

f418cd50-561a-49a2-a133-965d03ede72a

py-ansible -- data leak vulnerability

Tapas jena reports:

A flaw was found in Ansible where the secret information present in async_files are getting disclosed when the user changes the jobdir to a world readable directory.

Any secret information in an async status file will be readable by a malicious user on that system.

This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2.

Discovery 2021-06-09
Entry 2023-04-10
py37-ansible
py38-ansible
py39-ansible
py310-ansible
py311-ansible

<= 7.1.0

CVE-2021-3532
https://osv.dev/vulnerability/PYSEC-2021-125

e1b77733-a982-442e-8796-a200571bfcf2

py-ansible -- multiple vulnerabilities

abeluck reports:

A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed.

Files would remain in the bucket exposing the data.

This issue affects directly data confidentiality.

A flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace separation for file transfers.

Files are written directly to the root bucket, making possible to have collisions when running multiple ansible processes.

This issue affects mainly the service availability.

Discovery 2020-10-05
Entry 2023-04-10
py37-ansible
py38-ansible
py39-ansible
py310-ansible
py311-ansible

<= 7.2.0

CVE-2020-25635
https://osv.dev/vulnerability/PYSEC-2020-220
CVE-2020-25636
https://osv.dev/vulnerability/PYSEC-2020-221