{"id":"USN-7330-1","summary":"ansible vulnerabilities","details":"It was discovered that Ansible did not properly verify certain fields of\nX.509 certificates. An attacker could possibly use this issue to spoof\nSSL servers if they were able to intercept network communications. This\nissue only affected Ubuntu 14.04 LTS. (CVE-2015-3908)\n\nMartin Carpenter discovered that certain connection plugins for Ansible\ndid not properly restrict users. An attacker with local access could\npossibly use this issue to escape a restricted environment via symbolic\nlinks misuse. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-6240)\n\nRobin Schneider discovered that Ansible's apt_key module did not properly\nverify key fingerprints. A remote attacker could possibly use this issue\nto perform key injection, leading to the access of sensitive information.\nThis issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.\n(CVE-2016-8614)\n\nIt was discovered that Ansible would expose passwords in certain\ninstances. An attacker could possibly use specially crafted input related\nto this issue to access sensitive information. This issue only affected\nUbuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-10206)\n\nIt was discovered that Ansible incorrectly logged sensitive information.\nAn attacker with local access could possibly use this issue to access\nsensitive information. This issue only affected Ubuntu 14.04 LTS, Ubuntu\n16.04 LTS, and Ubuntu 18.04 LTS. (CVE-2019-14846)\n\nIt was discovered that Ansible's solaris_zone module accepted input without\nperforming input checking. A remote attacker could possibly use this issue\nto enable the execution of arbitrary code. This issue only affected Ubuntu\n16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-14904)\n\nIt was discovered that Ansible did not generate sufficiently random values,\nwhich could lead to the exposure of passwords. An attacker could possibly\nuse this issue to access sensitive information. This issue only affected\nUbuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2020-10729)\n\nIt was discovered that Ansible's svn module could disclose passwords to\nusers within the same node. An attacker could possibly use this issue to\naccess sensitive information. (CVE-2020-1739)\n","modified":"2026-02-10T04:47:18Z","published":"2025-03-05T20:26:48Z","related":["UBUNTU-CVE-2015-3908","UBUNTU-CVE-2015-6240","UBUNTU-CVE-2016-8614","UBUNTU-CVE-2019-10206","UBUNTU-CVE-2019-14846","UBUNTU-CVE-2019-14904","UBUNTU-CVE-2020-10729","UBUNTU-CVE-2020-1739"],"upstream":["CVE-2015-3908","CVE-2015-6240","CVE-2016-8614","CVE-2019-10206","CVE-2019-14846","CVE-2019-14904","CVE-2020-10729","CVE-2020-1739","UBUNTU-CVE-2015-3908","UBUNTU-CVE-2015-6240","UBUNTU-CVE-2016-8614","UBUNTU-CVE-2019-10206","UBUNTU-CVE-2019-14846","UBUNTU-CVE-2019-14904","UBUNTU-CVE-2020-10729","UBUNTU-CVE-2020-1739"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7330-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-3908"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-6240"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-8614"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-10206"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-14846"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-14904"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-1739"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-10729"}],"affected":[{"package":{"name":"ansible","ecosystem":"Ubuntu:Pro:14.04:LTS","purl":"pkg:deb/ubuntu/ansible@1.5.4+dfsg-1ubuntu0.1~esm3?arch=source&distro=esm-infra-legacy/trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.5.4+dfsg-1ubuntu0.1~esm3"}]}],"versions":["1.1+dfsg-1","1.3.4+dfsg-1","1.4.0+dfsg-1","1.4.1+dfsg-1","1.4.3+dfsg-1","1.4.4+dfsg-1","1.5.4+dfsg-1","1.5.4+dfsg-1ubuntu0.1~esm1","1.5.4+dfsg-1ubuntu0.1~esm2"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro","binaries":[{"binary_name":"ansible","binary_version":"1.5.4+dfsg-1ubuntu0.1~esm3"},{"binary_name":"ansible-fireball","binary_version":"1.5.4+dfsg-1ubuntu0.1~esm3"},{"binary_name":"ansible-node-fireball","binary_version":"1.5.4+dfsg-1ubuntu0.1~esm3"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7330-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:14.04:LTS","cves":[{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-3908"},{"severity":[{"score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-6240"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2016-8614"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2019-14846"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-1739"}]}}},{"package":{"name":"ansible","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/ansible@2.0.0.2-2ubuntu1.3+esm5?arch=source&distro=esm-apps/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.0.0.2-2ubuntu1.3+esm5"}]}],"versions":["1.9.2+dfsg-2","1.9.4-1","2.0.0.2-2","2.0.0.2-2ubuntu1","2.0.0.2-2ubuntu1.1","2.0.0.2-2ubuntu1.2","2.0.0.2-2ubuntu1.3","2.0.0.2-2ubuntu1.3+esm1","2.0.0.2-2ubuntu1.3+esm2","2.0.0.2-2ubuntu1.3+esm3","2.0.0.2-2ubuntu1.3+esm4"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"ansible","binary_version":"2.0.0.2-2ubuntu1.3+esm5"},{"binary_name":"ansible-fireball","binary_version":"2.0.0.2-2ubuntu1.3+esm5"},{"binary_name":"ansible-node-fireball","binary_version":"2.0.0.2-2ubuntu1.3+esm5"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7330-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:16.04:LTS","cves":[{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2016-8614"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2019-10206"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2019-14846"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2019-14904"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-1739"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-10729"}]}}},{"package":{"name":"ansible","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/ansible@2.5.1+dfsg-1ubuntu0.1+esm5?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.5.1+dfsg-1ubuntu0.1+esm5"}]}],"versions":["2.3.1.0+dfsg-2","2.5.0+dfsg-1","2.5.1+dfsg-1","2.5.1+dfsg-1ubuntu0.1","2.5.1+dfsg-1ubuntu0.1+esm1","2.5.1+dfsg-1ubuntu0.1+esm2","2.5.1+dfsg-1ubuntu0.1+esm3","2.5.1+dfsg-1ubuntu0.1+esm4"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"ansible","binary_version":"2.5.1+dfsg-1ubuntu0.1+esm5"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7330-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:18.04:LTS","cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2019-10206"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2019-14846"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2019-14904"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-1739"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-10729"}]}}},{"package":{"name":"ansible","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/ansible@2.9.6+dfsg-1ubuntu0.1~esm3?arch=source&distro=esm-apps/focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.6+dfsg-1ubuntu0.1~esm3"}]}],"versions":["2.8.3+dfsg-1","2.8.6+dfsg-1","2.9.2+dfsg-1","2.9.4+dfsg-1","2.9.6+dfsg-1","2.9.6+dfsg-1ubuntu0.1~esm1","2.9.6+dfsg-1ubuntu0.1~esm2"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"ansible","binary_version":"2.9.6+dfsg-1ubuntu0.1~esm3"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7330-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:20.04:LTS","cves":[{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-1739"}]}}}],"schema_version":"1.7.3"}