Openssl · Openssl · CVE-2016-9015
**Name of the Vulnerable Software and Affected Versions**
urllib3 versions 1.17 through 1.18
**Description**
urllib3 incorrectly validates TLS certificates in certain configurations, putting users at risk of man-in-the-middle and information leakage attacks. The flaw occurs when urllib3's optional PyOpenSSL support for TLS is used with OpenSSL 1.1.0, instead of the standard library TLS backend. The security impact is considered low because this configuration is uncommon.
**Recommendations**
For versions 1.17 and 1.18, consider disabling PyOpenSSL support for TLS until a patch is available, or switch to the standard library TLS backend, to minimize the risk of exploitation.
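To find out whether a given Python environment matches the configuration described above, the following added example (not code from the advisory or from the urllib3 project) checks the three conditions together: urllib3 in the 1.17 to 1.18 range, the PyOpenSSL backend injected, and PyOpenSSL linked against OpenSSL 1.1.0. The function names are hypothetical, and the `IS_PYOPENSSL` flag is read defensively, on the assumption that it is set by `inject_into_urllib3()`.

```python
import re

# Affected urllib3 range as stated in the advisory: 1.17 through 1.18.
AFFECTED_MIN, AFFECTED_MAX = (1, 17, 0), (1, 18, 0)

def _version_tuple(text):
    """'1.18' -> (1, 18, 0); missing components are padded with zeros."""
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError("unparseable version: %r" % text)
    return tuple(int(g or 0) for g in m.groups())

def is_exposed(urllib3_version, pyopenssl_active, openssl_version_text):
    """True only when all three conditions named in the advisory hold."""
    in_range = AFFECTED_MIN <= _version_tuple(urllib3_version) <= AFFECTED_MAX
    # Version text looks like 'OpenSSL <x.y.z><letter>  <build date>'.
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", openssl_version_text)
    openssl_110 = bool(m) and tuple(map(int, m.groups())) == (1, 1, 0)
    return bool(in_range and pyopenssl_active and openssl_110)

def check_runtime():
    """Inspect this interpreter; returns None when urllib3 is not installed."""
    try:
        import urllib3
        from urllib3.util import ssl_
    except ImportError:
        return None
    # Assumption: inject_into_urllib3() sets this flag; absent means False.
    active = bool(getattr(ssl_, "IS_PYOPENSSL", False))
    try:
        from OpenSSL import SSL  # PyOpenSSL; reports the linked OpenSSL build
        linked = SSL.SSLeay_version(SSL.SSLEAY_VERSION).decode("ascii", "replace")
    except Exception:
        linked = ""  # PyOpenSSL missing or unusable: backend cannot be active
    return is_exposed(urllib3.__version__, active, linked)

if __name__ == "__main__":
    print("exposed configuration:", check_runtime())
```

If the check reports an exposed configuration, calling `urllib3.contrib.pyopenssl.extract_from_urllib3()` (or never calling `inject_into_urllib3()`) returns urllib3 to the standard library TLS backend, as recommended above.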