Hi All,
Recently, we did a project and has installed ansible package inside our project. During VAPT scanning, it flagged out has vulnerability due to the ansible-vault.nuspec.
Please check the screenshot for reference
C:\Users\10126226\Desktop\JTC\VAPT_Python_Scan\ansible-4.10.0.tar.gz\ansible-4.10.0.tar\ansible-4.10.0\ansible_collections\community\windows\tests\integration\targets\win_psmodule_info\files
ansiblevault.0.3.0.nupkg
Thanks.
AnsibleVault.nuget that’s part of the integration tests of the community.windows collection (community.windows/tests/integration/targets/win_psmodule_info/files/ansiblevault.0.3.0.nupkg at main · ansible-collections/community.windows · GitHub). This is nothing that regular users of Ansible ever encounter.So in any case, this is not a vulnerability affecting anyone except potentially the integration tests of one of the collections included in Ansible (and even there, it’s only used to test a module, and not used itself to run something, so the vulnerability in that program isn’t a problem for the tests as far as I can see).
I’ll create an issue in the collection so the collection maintainers can update or replace the program.