Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ansible vulnerabilities and exploits
(subscribe to this query)
7.4
CVSSv3
CVE-2020-1734
A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitr...
Redhat Ansible Tower 3.4.5
Redhat Ansible Tower 3.5.5
Redhat Ansible Tower 3.6.3
Redhat Ansible Engine 2.8.8
Redhat Ansible Engine 2.9.5
Redhat Ansible Engine
Redhat Ansible Tower
9.8
CVSSv3
CVE-2021-33924
Confluent Ansible (cp-ansible) version 5.5.0, 5.5.1, 5.5.2 and 6.0.0 is vulnerable to Incorrect Access Control via its auxiliary component that allows remote malicious users to access sensitive information.
Confluent Ansible 5.5.0
Confluent Ansible 5.5.1
Confluent Ansible 5.5.2
Confluent Ansible 6.0.0
8.1
CVSSv3
CVE-2016-9587
Ansible prior to 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this ...
Redhat Ansible
Ansible Ansible
Redhat Openstack 11
1 EDB exploit
1 Github repository
1 Article
NA
CVE-2013-4260
lib/ansible/playbook/__init__.py in Ansible 1.2.x prior to 1.2.3, when playbook does not run due to an error, allows local users to overwrite arbitrary files via a symlink attack on a retry file with a predictable name in /var/tmp/ansible/.
Redhat Ansible 1.2.1
Redhat Ansible 1.2
Redhat Ansible 1.2.2
5.5
CVSSv3
CVE-2021-33923
Insecure permissions in Confluent Ansible (cp-ansible) 5.5.0, 5.5.1, 5.5.2 and 6.0.0 allows local malicious users to access some sensitive information (private keys, state database).
Confluent Cp-ansible 5.5.0
Confluent Cp-ansible 5.5.1
Confluent Cp-ansible 5.5.2
Confluent Cp-ansible 6.0.0
9.8
CVSSv3
CVE-2023-28609
api/auth.go in Ansible Semaphore prior to 2.8.89 mishandles authentication.
Ansible-semaphore Ansible Semaphore
7.1
CVSSv3
CVE-2021-3583
A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special ...
Redhat Ansible Automation Platform 1.2
Redhat Ansible Tower
Redhat Ansible Engine
7.5
CVSSv3
CVE-2021-20228
A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an malicious user to obtain sensitive information. The highest threat...
Redhat Ansible Engine 2.9.18
Redhat Ansible Engine 2.0
Redhat Ansible Tower 3.0
Redhat Ansible Engine 2.9
Redhat Ansible Automation Platform 1.2
Debian Debian Linux 10.0
7.5
CVSSv3
CVE-2022-3697
A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an malicious user to take advantage of this issue as the module is handling the parameter insecurely, leading to the password...
Redhat Ansible Collection
Redhat Ansible
8.8
CVSSv3
CVE-2023-39059
An issue in ansible semaphore v.2.8.90 allows a remote malicious user to execute arbitrary code via a crafted payload to the extra variables parameter.
Ansible-semaphore Ansible Semaphore 2.8.90
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcoded
arbitrary code
CVE-2024-2404
CVE-2024-21111
CVE-2024-28627
CVE-2024-4073
information disclosure
CVE-2024-32780
CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »