A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "2.0.0.2-2ubuntu1.3", "binary_name": "ansible" }, { "binary_version": "2.0.0.2-2ubuntu1.3", "binary_name": "ansible-fireball" }, { "binary_version": "2.0.0.2-2ubuntu1.3", "binary_name": "ansible-node-fireball" } ] }