Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ansible vulnerabilities and exploits
(subscribe to this query)
3.7
CVSSv2
CVE-2020-1734
A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitr...
Redhat Ansible Tower 3.4.5
Redhat Ansible Tower 3.5.5
Redhat Ansible Tower 3.6.3
Redhat Ansible Engine 2.8.8
Redhat Ansible Engine 2.9.5
Redhat Ansible Engine
Redhat Ansible Tower
7.5
CVSSv2
CVE-2021-33924
Confluent Ansible (cp-ansible) version 5.5.0, 5.5.1, 5.5.2 and 6.0.0 is vulnerable to Incorrect Access Control via its auxiliary component that allows remote malicious users to access sensitive information.
Confluent Ansible 5.5.0
Confluent Ansible 5.5.1
Confluent Ansible 5.5.2
Confluent Ansible 6.0.0
9.3
CVSSv2
CVE-2016-9587
Ansible prior to 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this ...
Redhat Ansible
Ansible Ansible
Redhat Openstack 11
1 EDB exploit
1 Github repository
1 Article
3.3
CVSSv2
CVE-2013-4260
lib/ansible/playbook/__init__.py in Ansible 1.2.x prior to 1.2.3, when playbook does not run due to an error, allows local users to overwrite arbitrary files via a symlink attack on a retry file with a predictable name in /var/tmp/ansible/.
Redhat Ansible 1.2.1
Redhat Ansible 1.2
Redhat Ansible 1.2.2
2.1
CVSSv2
CVE-2021-33923
Insecure permissions in Confluent Ansible (cp-ansible) 5.5.0, 5.5.1, 5.5.2 and 6.0.0 allows local malicious users to access some sensitive information (private keys, state database).
Confluent Cp-ansible 5.5.0
Confluent Cp-ansible 5.5.1
Confluent Cp-ansible 5.5.2
Confluent Cp-ansible 6.0.0
NA
CVE-2023-28609
api/auth.go in Ansible Semaphore prior to 2.8.89 mishandles authentication.
Ansible-semaphore Ansible Semaphore
3.6
CVSSv2
CVE-2021-3583
A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special ...
Redhat Ansible Automation Platform 1.2
Redhat Ansible Tower
Redhat Ansible Engine
5
CVSSv2
CVE-2021-20228
A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an malicious user to obtain sensitive information. The highest threat...
Redhat Ansible Engine 2.9.18
Redhat Ansible Engine 2.0
Redhat Ansible Tower 3.0
Redhat Ansible Engine 2.9
Redhat Ansible Automation Platform 1.2
Debian Debian Linux 10.0
NA
CVE-2022-3697
A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an malicious user to take advantage of this issue as the module is handling the parameter insecurely, leading to the password...
Redhat Ansible Collection
Redhat Ansible
NA
CVE-2023-39059
An issue in ansible semaphore v.2.8.90 allows a remote malicious user to execute arbitrary code via a crafted payload to the extra variables parameter.
Ansible-semaphore Ansible Semaphore 2.8.90
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040
privilege escalation
CVE-2024-4112
CVE-2024-32872
man-in-the-middle
CVE-2024-32788
bypass
CVE-2024-3400
CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »