CVE-2015-3908: Improper TLS Certificate Validation
(updated )
Ansible fails to adequately validate HTTPS certificates when using the get_url and uri modules, and when using the url and etcd lookup plugins. This allows for man-in-the-middle attacks on those connections.
References
Detect and mitigate CVE-2015-3908 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →