Vulmon
ansible vulnerabilities and exploits
NA
CVE-2023-39059
An issue in ansible semaphore v.2.8.90 allows a remote malicious user to execute arbitrary code via a crafted payload to the extra variables parameter.
Ansible-semaphore Ansible Semaphore 2.8.90
605
VMScore
CVE-2017-2809
An exploitable vulnerability exists in the yaml loading functionality of ansible-vault prior to 1.0.5. A specially crafted vault can execute arbitrary python commands resulting in command execution. An attacker can insert python into the vault to trigger this vulnerability.
Ansible-vault Project Ansible-vault
NA
CVE-2022-3697
A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows a malicious user to take advantage of this issue as the module is handling the parameter insecurely, leading to the password...
Redhat Ansible Collection
Redhat Ansible
187
VMScore
CVE-2019-14858
A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name to the module will cause the task to fail before the no_log options in the sub par...
Redhat Ansible Tower
Redhat Ansible Engine
409
VMScore
CVE-2020-1737
A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by cra...
Redhat Ansible Tower
Redhat Ansible Engine
320
VMScore
CVE-2020-10691
An archive traversal flaw was found in all ansible-engine versions 2.9.x before 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrit...
Redhat Ansible Engine
Redhat Ansible Tower 3.0
NA
CVE-2021-4041
A flaw was found in ansible-runner. An improper escaping of the shell command, while calling the ansible_runner.interface.run_command, can lead to parameters getting executed as host's shell command. A developer could unintentionally write code that gets executed in the host...
Redhat Ansible Runner
Redhat Ansible Runner 2.1.0
NA
CVE-2023-4237
A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows a malicious user to fetch those keys from the log files, compromising the system's confidentiali...
Redhat Ansible Automation Platform 2.0
Redhat Ansible Collection
641
VMScore
CVE-2016-3096
The create_script function in the lxc_container module in Ansible prior to 1.9.6-1 and 2.x prior to 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path direct...
Fedoraproject Fedora 22
Fedoraproject Fedora 24
Fedoraproject Fedora 23
Redhat Ansible
Redhat Ansible 2.0
Redhat Ansible 2.0.1
187
VMScore
CVE-2021-3681
A flaw was found in Ansible Galaxy Collections. When collections are built manually, any files in the repository directory that are not explicitly excluded via the ``build_ignore`` list in "galaxy.yml" include files in the ``.tar.gz`` file. This contains sensitive info,...
Redhat Ansible Automation Platform 1.2
Redhat Ansible Galaxy 3.3.0