All errata/sisyphus/ALT-PU-2015-1579-2
ALT-PU-2015-1579-2

Package update ansible in branch sisyphus

Version1.9.2-alt1
Task#145844
Published2026-02-04
Max severityHIGH
Severity:

Closed issues (4)

CVE-2015-3908
MEDIUM4.3

Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Published: 2015-08-12Modified: 2025-04-12
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
References
CVE-2015-6240
HIGH7.8

The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack.

Published: 2017-06-07Modified: 2025-04-20
CVSS 2.0HIGH 7.2
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS 3.xHIGH 7.8
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References
GHSA-w64c-pxjj-h866
HIGH8.7

Ansible does not verify that the server hostname matches a domain name in certificates

Published: 2018-10-10Modified: 2024-09-04
CVSS 3.xHIGH 8.7
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS 4.0HIGH 8.7
CVSS:4.0/CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
References
GHSA-wwwh-47wp-m522
HIGH8.5

Ansible Sandbox Escape via Symlink Attack

Published: 2022-05-13Modified: 2024-08-31
CVSS 3.xHIGH 8.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 4.0HIGH 8.5
CVSS:4.0/CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
References

Closed bugs (1)