Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ansible ansible vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-1657
A flaw was found in the ansible automation platform. An insecure WebSocket connection was being used in installation from the Ansible rulebook EDA server. An attacker that has access to any machine in the CIDR block could download all rulebook data from the WebSocket, resulting i...
NA
CVE_2024_3094
Ansible role cve_2024_3094 Check xz vulnerability (cve_2024_3094) on your system. GitHub Version Issues Pull Requests Downloads Example Playbook This example is taken from molecule/default/converge.yml and is tested on each push, pull request and release. --- - nam...
1 Github repository
NA
CVE-2024-29201
JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can bypass the input validation mechanism in JumpServer's Ansible to execute arbitrary code within the Celery container. Since the Celery container runs with root priv...
1 Github repository
NA
CVE-2024-29202
JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can exploit a Jinja2 template injection vulnerability in JumpServer's Ansible to execute arbitrary code within the Celery container. Since the Celery container runs wi...
NA
CVE_2022_21882
OSEP-Notes Initial Access HTA Fileless Initial Access Reverse Shell (AppLocker + CLM + Defender Bypass) Scenario: You can make a user execute your malicious HTA files, but AppLocker, CLM, and Defender block all payloads. To get a fileless reverse shell, one method that worked for...
1 Github repository
5.5
CVSSv3
CVE-2024-0690
An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive infor...
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
Redhat Ansible
Redhat Ansible Automation Platform 2.4
Redhat Ansible Developer 1.1
Redhat Ansible Inside 1.2
Fedoraproject Fedora 38
Fedoraproject Fedora 39
7.5
CVSSv3
CVE-2023-50782
A flaw was found in the python-cryptography package. This issue may allow a remote malicious user to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
Redhat Ansible Automation Platform 2.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
Redhat Update Infrastructure 4
Python-cryptography Project Python-cryptography
6.3
CVSSv3
CVE-2023-5115
An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an malicious user to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path.
Redhat Ansible Automation Platform 1.2
Redhat Ansible Automation Platform 2.3
Redhat Ansible Automation Platform 2.4
Redhat Ansible Inside 1.1
Redhat Ansible Inside 1.2
Redhat Ansible Developer 1.0
Redhat Ansible Developer 1.1
Debian Debian Linux 10.0
7.8
CVSSv3
CVE-2023-5764
A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an malicious user to use a specially crafted file to introduce templating injection when suppl...
Redhat Ansible 2.16.0
Redhat Ansible
Fedoraproject Extra Packages For Enterprise Linux 8.0
Fedoraproject Fedora 38
Fedoraproject Fedora 39
Redhat Ansible Automation Platform 2.4
Redhat Ansible Developer 1.1
Redhat Ansible Inside 1.2
6.5
CVSSv3
CVE-2023-5189
A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten.
Redhat Satellite 6.0
Redhat Ansible Automation Platform 2.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »