chore(deps): update dependency ansible-core to v2.16.19 [security]#63
Open
renovate[bot] wants to merge 1 commit into
Open
chore(deps): update dependency ansible-core to v2.16.19 [security]#63renovate[bot] wants to merge 1 commit into
renovate[bot] wants to merge 1 commit into
Conversation
renovate
Bot
force-pushed
the
renovate/pypi-ansible-core-vulnerability
branch
from
December 3, 2024 22:59
af59ec4 to
6d73094
Compare
renovate
Bot
force-pushed
the
renovate/pypi-ansible-core-vulnerability
branch
from
August 10, 2025 15:25
6d73094 to
7362977
Compare
renovate
Bot
force-pushed
the
renovate/pypi-ansible-core-vulnerability
branch
from
March 30, 2026 19:06
7362977 to
8292543
Compare
renovate
Bot
force-pushed
the
renovate/pypi-ansible-core-vulnerability
branch
from
July 17, 2026 04:04
8292543 to
ec54444
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
==2.16.3→==2.16.19ansible-core Incorrect Authorization vulnerability
CVE-2024-9902 / GHSA-32p4-gm2c-wmch
More information
Details
A flaw was found in Ansible. The ansible-core
usermodule can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes theusermodule against the unprivileged user's home directory. If the unprivileged user has traversal permissions on the directory containing the exploited target file, they retain full control over the contents of the file as its owner.Severity
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:L/SC:N/SI:N/SA:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Ansible-Core vulnerable to content protections bypass
CVE-2024-11079 / GHSA-99w6-3xph-cx78
More information
Details
A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks.
Severity
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:PReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Ansible vulnerable to Insertion of Sensitive Information into Log File
CVE-2024-8775 / GHSA-jpxc-vmjf-9fcj
More information
Details
A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions.
Severity
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
ansible-core: Argument injection in ansible-galaxy role install leads to arbitrary code execution
CVE-2026-11332 / GHSA-w8p5-mx5w-cpqj
More information
Details
A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument delimiters, a malicious role author can inject arbitrary git configuration flags through the src field. This allows arbitrary code execution on the machine of a user who installs the role via ansible-galaxy role install.
Severity
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Configuration
📅 Schedule: (in timezone Europe/Warsaw)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.