redhat ansible automation platform 1.2 vulnerabilities and exploits
6.3
CVSSv3
CVE-2023-5115
An absolute path traversal attack exists in the Ansible automation platform. This flaw allows a malicious user to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path.
Redhat Ansible Automation Platform 1.2
Redhat Ansible Automation Platform 2.3
Redhat Ansible Automation Platform 2.4
Redhat Ansible Inside 1.1
Redhat Ansible Inside 1.2
Redhat Ansible Developer 1.0
Redhat Ansible Developer 1.1
Debian Debian Linux 10.0
6.1
CVSSv3
CVE-2022-3205
Cross-site scripting in the automation controller UI in Red Hat Ansible Automation Platform 1.2 and 2.0, where the project name is susceptible to XSS injection.
Redhat Ansible Automation Platform 1.2
Redhat Ansible Automation Platform 2.0
7.1
CVSSv3
CVE-2021-3583
A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special ...
Redhat Ansible Automation Platform 1.2
Redhat Ansible Tower
Redhat Ansible Engine
5.5
CVSSv3
CVE-2021-3681
A flaw was found in Ansible Galaxy Collections. When collections are built manually, any files in the repository directory that are not explicitly excluded via the ``build_ignore`` list in "galaxy.yml" include files in the ``.tar.gz`` file. This contains sensitive info,...
Redhat Ansible Automation Platform 1.2
Redhat Ansible Galaxy 3.3.0
6.3
CVSSv3
CVE-2023-4380
A logic flaw exists in Ansible Automation platform. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows a malicious user to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, an...
Redhat Ansible Automation Platform 2.4
Redhat Ansible Developer 1.1
Redhat Ansible Inside 1.2
7.5
CVSSv3
CVE-2021-20228
A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows a malicious user to obtain sensitive information. The highest threat...
Redhat Ansible Engine 2.9.18
Redhat Ansible Engine 2.0
Redhat Ansible Tower 3.0
Redhat Ansible Engine 2.9
Redhat Ansible Automation Platform 1.2
Debian Debian Linux 10.0
5.5
CVSSv3
CVE-2024-0690
An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive infor...
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
Redhat Ansible
Redhat Ansible Automation Platform 2.4
Redhat Ansible Developer 1.1
Redhat Ansible Inside 1.2
Fedoraproject Fedora 38
Fedoraproject Fedora 39
7.8
CVSSv3
CVE-2023-5764
A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow a malicious user to use a specially crafted file to introduce templating injection when suppl...
Redhat Ansible 2.16.0
Redhat Ansible
Fedoraproject Extra Packages For Enterprise Linux 8.0
Fedoraproject Fedora 38
Fedoraproject Fedora 39
Redhat Ansible Automation Platform 2.4
Redhat Ansible Developer 1.1
Redhat Ansible Inside 1.2