CVE-2015-3908: Improper TLS Certificate Validation

August 12, 2015 (updated September 16, 2019)

Ansible fails to adequately validate HTTPS certificates when using the get_url and uri modules, and when using the url and etcd lookup plugins. This allows for man-in-the-middle attacks on those connections.

References

www.ansible.com/security
github.com/ansible/ansible/blob/devel/CHANGELOG.md

Detect and mitigate CVE-2015-3908 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →